Abstract

We present RSLR, an implicit higher-order characterization of the class PP of those problems 
which can be decided in probabilistic polynomial time with error probability smaller than 1/2. 
Analogously, a (less implicit) characterization of the class BPP can be obtained. RSLR is 
an extension of Hofmann's SLR with a probabilistic primitive, which enjoys basic properties 
such as subject reduction and confluence. Polynomial time soundness of RSLR is obtained by 
syntactical means, as opposed to the standard literature on SLR-derived systems, which use 
semantics in an essential way. 

1 Introduction 

Implicit computational complexity (ICC) combines computational complexity, mathematical logic, 
and formal systems to give a machine independent account of complexity phenomena. It has been 
successfully applied to the characterization of a variety of complexity classes, especially in the 
sequential and parallel modes of computation (e.g., FP HHI], PSPACE [H, LOGSPACE [TU] , 
NC |S]). Its techniques, however, may be applied also to non-standard paradigms, like quantum 
computation [7j and concurrency [5]. Among the many characterizations of the class FP of 
functions computable in polynomial time, we can find Hofmann's safe linear recursion [8] (SLR in 
the following), a higher-order generalization of Bellantoni and Cook's safe recursion [5] in which
linearity plays a crucial role. 

Randomized computation is central to several areas of theoretical computer science, including 
cryptography, analysis of computation dealing with uncertainty and incomplete knowledge agent 
systems. In the context of computational complexity, probabilistic complexity classes like BPP 
are nowadays considered as very closely corresponding to the informal notion of feasibility, since 
a solution to a problem in BPP can be computed in polynomial time up to any given degree 
of precision: BPP is the set of problems which can be solved by a probabilistic Turing machine 
working in polynomial time with a probability of error bounded by a constant strictly smaller than 
1/2. 

Probabilistic polynomial time computations, seen as oracle computations, were shown to be
amenable to implicit techniques since the early days of ICC, by a relativization of Bellantoni and 
Cook's safe recursion [3]. They were then studied again in the context of formal systems for 
security, where probabilistic polynomial time computation plays a major role [51 114|. These two 
systems build on Hofmann's work on SLR, adding a random choice operator to the calculus. The 
system in [3], however, lacks higher-order recursion, and in both papers the characterization of 
the probabilistic classes is obtained by semantic means. While this is fine for completeness, we 
think it is not completely satisfactory for soundness — we know from the semantics that for any 
term of a suitable type its normal form may be computed within the given bounds, but no notion 
of evaluation is given for which computation time is guaranteed to be bounded. 

In this paper we propose RSLR, another probabilistic variation on SLR, and we show that 
it characterizes the class PP of those problems which can be solved in polynomial time by a 
Turing machine with error probability smaller than 1/2. This is carried out by proving that any 
term in the language can be reduced in polynomial time, but also that any problem in PP can
be represented in RSLR. A similar result, although in a less implicit form, is proved for BPP.
Unlike [S], RSLR has higher-order recursion. Unlike [3] and [H], the bound on reduction time is
obtained by syntactical means, giving an explicit notion of reduction which realizes that bound.

1.1 Related Works 

We discuss here in more detail the relations of our system to the previous work we already cited.

More than ten years ago, Mitchell, Mitchell, and Scedrov [S] introduced OSLR, a type system 
that characterizes oracle polynomial time functionals. Even if inspired by SLR, OSLR does not 
admit primitive recursion on higher-order types, but only on base types. The main theorem shows 
that terms of type $\square N^m \to N^n \to N$ define precisely the oracle polynomial time functionals,
which constitutes a class related but different from the ones we are interested in here. Finally, 
inclusion in the polynomial time class is proved without studying reduction from an operational 
viewpoint, but only via semantics: it is not clear for which notion of evaluation, computation time 
is guaranteed to be bounded. 

Recently, Zhang [T3] introduced a further system (CSLR) which builds on OSLR and allows
higher-order recursion. The main interest of the paper lies in applications to the verification of
security protocols. It is stated that CSLR defines exactly those functions that can be computed by 
probabilistic Turing machines in polynomial time, via a suitable variation of Hofmann's techniques 
as modified by Mitchell et al. This is again a purely semantic proof, whose details are missing 
in [H]. 

Finally, both works are derived from Hofmann's one, and as a consequence they both have 
potential problems with subject reduction. Indeed, as Hofmann showed in his work [5], subject 
reduction does not hold in SLR, and hence is problematic in both OSLR and CSLR. 

1.2 RSLR: An Informal Account 

Our system is called RSLR, which stands for Random Safe Linear Recursion. 

RSLR can be thought of as the system obtained by endowing SLR with a new primitive for 
random binary choice. Some restrictions have to be made to SLR if one wants to be able to 
prove polynomial time soundness easily and operationally. And what one obtains at the end is 
indeed quite similar to (a probabilistic variation of) Bellantoni, Niggl and Schwichtenberg's calculus
RA [5J[T31. Actually, the main difference between RSLR and SLR deals with linearity: keeping
the size of reducts under control during normalization is very difficult in the presence of higher-order
duplication. For this reason, the two function spaces $A \to B$ and $A \multimap B$ of SLR collapse to just
one in RSLR, and arguments of a higher-order type can never be duplicated. This constraint
allows us to avoid an exponential blowup in the size of terms and results in a reasonably simple
system for which polytime soundness can be proved explicitly, by studying the combinatorics of
reduction. Another consequence of the just described modification is subject reduction, which can
be easily proved in our system, contrary to what happens in SLR [H].

1.3 On the Difficulty of Probabilistic ICC 

Differently from most well known complexity classes such as P, NP and LOGSPACE, the
probabilistic hierarchy contains so-called "semantic classes", like BPP and ZPP. A semantic class 
is a complexity class defined on top of a class of algorithms which cannot be easily enumerated: a 
probabilistic polynomial time Turing machine does not necessarily solve a problem in BPP nor in 
ZPP. For most semantic classes, including BPP and ZPP, the existence of complete problems 
and the possibility to prove hierarchy theorems are both open. Indeed, researchers in the area 
have proved the existence of such results for other probabilistic classes, but not for those we are 
interested in [?].

Now, having a "truly implicit" system / for a complexity class C means that we have a way to 
enumerate a set of programs solving problems in C (for every problem there is at least one program 
that solves it). The presence or absence of complete problems is deeply linked with the possibility 
to have a real ICC system for these semantic classes. In our case the "semantic information" in
BPP and ZPP, that is the probability error, seems to be an information that is impossible to
capture with syntactical restrictions. We need to execute the program in order to check if the 
error bound is correct or not. 



2 The Syntax and Basic Properties of RSLR 

RSLR is a fairly standard Curry-style lambda calculus with constants for the natural numbers, 
branching and recursion. Its type system, on the other hand, is based on ideas coming from linear 
logic (some variables can appear at most once in terms) and on a distinction between modal and 
non modal variables. 

Let us introduce the category of types first: 

Definition 2.1 (Types). The types of RSLR are generated by the following grammar: 

$$A ::= N \mid \square A \to A \mid \blacksquare A \to A.$$

Types different from N are denoted with metavariables like H or G. N is the only base type.

There are two function spaces in RSLR. Terms which can be typed with $\blacksquare A \to B$ are such
that the result (of type B) can be computed in constant time, independently of the size of the
argument (of type A). On the other hand, computing the result of functions in $\square A \to B$ requires
polynomial time in the size of their argument.

A notion of subtyping is used in RSLR to capture the intuition above by stipulating that the
type $\blacksquare A \to B$ is a subtype of $\square A \to B$. Subtyping is best formulated by introducing aspects:

Definition 2.2 (Aspects). An aspect is either $\square$ or $\blacksquare$: the first is the modal aspect, while the
second is the non modal one. Aspects are partially ordered by the binary relation
$\{(\square, \square), (\square, \blacksquare), (\blacksquare, \blacksquare)\}$, noted $<:$.

Subtyping rules are in Figure 1.



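$$\frac{}{A <: A}\ (\text{S-Refl}) \qquad \frac{A <: B \qquad B <: C}{A <: C}\ (\text{S-Trans})$$

$$\frac{B <: A \qquad C <: D \qquad b <: a}{aA \to C <: bB \to D}\ (\text{S-Sub})$$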



Figure 1: Subtyping rules. 



RSLR's terms are those of an applied lambda calculus with primitive recursion and branching, 
in the style of Gödel's T:

Definition 2.3 (Terms). Terms and constants are defined as follows: 

$$t ::= x \mid c \mid ts \mid \lambda x : aA.t \mid \mathsf{case}_A\ t\ \mathsf{zero}\ s\ \mathsf{even}\ r\ \mathsf{odd}\ q \mid \mathsf{recursion}_A\ t\ s\ r;$$
$$c ::= n \mid S_0 \mid S_1 \mid P \mid \mathsf{rand}.$$

Here, x ranges over a denumerable set of variables and n ranges over the natural numbers seen
as constants of base type. Every constant c has its naturally defined type, that we indicate with
type(c). As an example, type(n) = N for every n, type(rand) = N, while type($S_0$) = $\blacksquare N \to N$.
The size |t| of any term t can be easily defined by induction on t:

$$\begin{aligned}
|x| &= 1;\\
|ts| &= |t| + |s|;\\
|\lambda x : aA.t| &= |t| + 1;\\
|\mathsf{case}_A\ t\ \mathsf{zero}\ s\ \mathsf{even}\ r\ \mathsf{odd}\ q| &= |t| + |s| + |r| + |q|;\\
|\mathsf{recursion}_A\ t\ s\ r| &= |t| + |s| + |r| + 1;\\
|n| &= \lceil \log_2(n) \rceil;\\
|S_0| = |S_1| &= |P| = |\mathsf{rand}| = 1.
\end{aligned}$$



A term is said to be explicit if it does not contain any instance of recursion. As usual, terms are 
considered modulo $\alpha$-conversion. Free (occurrences of) variables and capture-avoiding substitution
can be defined in a standard way. 

The main peculiarity of RSLR with respect to similar calculi is the presence of a constant for 
random, binary choice, called rand, which evolves to either 0 or 1 with probability 1/2. Although
the calculus is in Curry-style, variables are explicitly assigned a type and an aspect in abstractions. 
This is for technical reasons that will become apparent soon. 

The presence of terms which can (probabilistically) evolve in different ways makes it harder to 
define a confluent notion of reduction for RSLR. To see why, consider a term like 

$$t = (\lambda x : \blacksquare N.(t_\oplus\, x\, x))\,\mathsf{rand}$$

where $t_\oplus$ is a term computing $\oplus$ on natural numbers seen as booleans (0 stands for "false" and
everything else stands for "true"):



Xx 
Ay 
Ay 



IN.caseBN_^N x zero even odd r^; 
IN.caseN y zero even 1 odd 1; 
IN.caseisr y zero 1 even odd 0. 



If we evaluate t in a call-by-value fashion, rand will be fired before being passed to $t_\oplus$ and, as a
consequence, the latter will be fed with two identical natural numbers, returning 0 with probability
1. If, on the other hand, rand is passed unevaluated to $t_\oplus$, the four possible combinations on
the truth table for $\oplus$ will appear with equal probabilities and the outcome will be 0 or 1 with
probability 1/2. In other words, we need to somehow restrict our notion of reduction if we want it
to be consistent, i.e. confluent.
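
The two evaluation orders described above can be compared by enumerating outcome distributions with a small evaluator; this is an added example, not code from the paper. The tuple encoding of terms, the names `ID_BOOL`, `NOT_BOOL` and `XOR` for the exclusive-or term and its branches, and the `by_value` flag are assumptions made for illustration, and every argument in the example has base type.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed tuple encoding of a fragment of the calculus (an assumption of
# this example, not the paper's syntax):
#   ("num", n)  ("rand",)  ("var", x)  ("lam", x, body)  ("app", f, a)
#   ("case", scrutinee, zero_branch, even_branch, odd_branch)

def num(n): return ("num", n)
def var(x): return ("var", x)
def lam(x, body): return ("lam", x, body)
def app(f, a): return ("app", f, a)
def case(t, z, e, o): return ("case", t, z, e, o)

RAND = ("rand",)

def evaluate(t, env, by_value):
    """Enumerate the outcomes of t as a list of (probability, value) pairs.

    by_value=True  : an argument is reduced to a value before substitution
                     (the discipline used for arguments of base type).
    by_value=False : the argument is passed unevaluated, so every use of the
                     bound variable re-runs it and draws fresh random bits.
    """
    tag = t[0]
    if tag == "num":
        return [(Fraction(1), t[1])]
    if tag == "rand":  # rand evolves to 0 or 1, each with probability 1/2
        return [(Fraction(1, 2), 0), (Fraction(1, 2), 1)]
    if tag == "var":
        kind, payload, saved_env = env[t[1]]
        if kind == "val":
            return [(Fraction(1), payload)]
        return evaluate(payload, saved_env, by_value)  # re-run the thunk
    if tag == "lam":
        return [(Fraction(1), ("clo", t[1], t[2], env))]
    if tag == "case":
        out = []
        for p, n in evaluate(t[1], env, by_value):
            # 0 -> zero branch, even n > 0 -> even branch, odd n -> odd branch
            branch = t[2] if n == 0 else (t[3] if n % 2 == 0 else t[4])
            out += [(p * q, v) for q, v in evaluate(branch, env, by_value)]
        return out
    if tag == "app":
        out = []
        for p, (_, x, body, cenv) in evaluate(t[1], env, by_value):
            if by_value:
                for q, a in evaluate(t[2], env, by_value):
                    inner = {**cenv, x: ("val", a, None)}
                    out += [(p * q * r, v)
                            for r, v in evaluate(body, inner, by_value)]
            else:
                inner = {**cenv, x: ("thunk", t[2], env)}
                out += [(p * r, v) for r, v in evaluate(body, inner, by_value)]
        return out
    raise ValueError(f"unknown term: {t!r}")

def distribution(t, by_value):
    """Collapse the outcomes of a closed base-type term into {numeral: probability}."""
    dist = defaultdict(Fraction)
    for p, v in evaluate(t, {}, by_value):
        dist[v] += p
    return dict(dist)

# Exclusive or on numerals read as booleans (0 is false, anything else is true).
ID_BOOL = lam("y", case(var("y"), num(0), num(1), num(1)))
NOT_BOOL = lam("y", case(var("y"), num(1), num(0), num(0)))
XOR = lam("a", case(var("a"), ID_BOOL, NOT_BOOL, NOT_BOOL))

# t = (lambda x. xor x x) rand, the counterexample discussed above.
T = app(lam("x", app(app(XOR, var("x")), var("x"))), RAND)

if __name__ == "__main__":
    print("argument evaluated first   :", distribution(T, by_value=True))
    print("argument passed unevaluated:", distribution(T, by_value=False))
```
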

For the just explained reasons, arguments are passed to functions following a mixed scheme in 
RSLR: arguments of base type are evaluated before being passed to functions, while arguments 
of a higher-order type are passed to functions possibly unevaluated, in a call-by-name fashion.
Let's first of all define the one-step reduction relation: 

Definition 2.4 (Reduction). The one-step reduction relation $\to$ is a binary relation between
terms and sequences of terms. It is defined by the axioms in Figure 2 and can be applied in any
context, except in the second and third argument of a recursion. A term t is in normal form if t
cannot appear as the left-hand side of a pair in $\to$. NF is the set of terms in normal form.

Informally, $t \to s_1, \ldots, s_n$ means that t can evolve in one step to each of $s_1, \ldots, s_n$
with the same probability $\frac{1}{n}$. As a matter of fact, n can be either 1 or 2.

A multistep reduction relation will not be defined by simply taking the transitive and reflexive
closure of $\to$, since a term can reduce in multiple steps to many terms with different probabilities.
Multistep reduction puts in relation a term t to a probability distribution on terms $\mathscr{D}_t$ such that
$\mathscr{D}_t(s) > 0$ only if s is a normal form to which t reduces. Of course, if t is itself a normal form, $\mathscr{D}_t$
is well defined, since the only normal form to which t reduces is t itself, so $\mathscr{D}_t(t) = 1$. But what
happens when t is not in normal form? Is $\mathscr{D}_t$ a well-defined concept? Let us start by giving some
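rules deriving statements in the form t

$$\begin{aligned}
\mathsf{case}_A\ 0\ \mathsf{zero}\ t\ \mathsf{even}\ s\ \mathsf{odd}\ r &\to t;\\
\mathsf{case}_A\ (S_0 n)\ \mathsf{zero}\ t\ \mathsf{even}\ s\ \mathsf{odd}\ r &\to s;\\
\mathsf{case}_A\ (S_1 n)\ \mathsf{zero}\ t\ \mathsf{even}\ s\ \mathsf{odd}\ r &\to r;\\
\mathsf{recursion}_A\ 0\ g\ f &\to g;\\
\mathsf{recursion}_A\ n\ g\ f &\to\\
S_0 n &\to 2 \cdot n;\\
S_1 n &\to\\
P 0 &\to 0;\\
P n &\to\\
(\lambda x : aN.t) n &\to\\
(\lambda x : aH.t) s &\to t[x/s];\\
(\lambda x : aA.t) s r &\to (\lambda x : aA.t r) s;\\
\mathsf{rand} &\to 0, 1;
\end{aligned}$$
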

Figure 2: One-step reduction rules. 

Definition 2.5 (Multistep Reduction). The binary relation between terms and probability 
distributions is defined by the rules in Figure 3.









t S>t 



Figure 3: Multistep Reduction: Inference Rules 

In Section we will prove that for every t there is at most one such that t ^. We are 
finally able to present the type system. Preliminary to that is the definition of a proper notion of 
a context. 

Definition 2.6 (Contexts). A context $\Gamma$ is a finite set of assignments of types and aspects to
variables, in the form x : aA. As usual, we require contexts not to contain assignments of distinct
types and aspects to the same variable. The union of two disjoint contexts $\Gamma$ and $\Delta$ is denoted as
$\Gamma, \Delta$. In doing so, we implicitly assume that the variables in $\Gamma$ and $\Delta$ are pairwise distinct. The
union $\Gamma, \Delta$ is sometimes denoted as $\Gamma; \Delta$. This way we want to stress that all types appearing in
$\Gamma$ are base types. With the expression $\Gamma <: a$ we mean that any aspect b appearing in $\Gamma$ is such
that $b <: a$.

Typing rules are in Figure 4. Observe how rules with more than one premise are designed in
such a way as to guarantee that whenever $\Gamma \vdash t : A$ can be derived and x : aH is in $\Gamma$, then x can
appear free at most once in t. If y : aN is in $\Gamma$, on the other hand, then y can appear free in t an
arbitrary number of times.

Definition 2.7. A first-order term of arity k is a closed, well typed term of type
$a_1 N \to \ldots a_k N \to N$ for some $a_1, \ldots, a_k$.

Example 2.1. Let's see some examples. Two terms that we are able to type in our system and 
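one that is not possible to type.

$$\frac{x : aA \in \Gamma}{\Gamma \vdash x : A}\ (\text{T-Var-Aff}) \qquad \frac{\Gamma \vdash t : A \qquad A <: B}{\Gamma \vdash t : B}\ (\text{T-Sub})$$

$$\frac{\Gamma, x : aA \vdash t : B}{\Gamma \vdash \lambda x : aA.t : aA \to B}\ (\text{T-Arr-I}) \qquad \frac{}{\Gamma \vdash c : type(c)}\ (\text{T-Const-Aff})$$

$$\frac{\Gamma; \Delta_1 \vdash t : N \qquad \Gamma; \Delta_2 \vdash s : A \qquad \Gamma; \Delta_3 \vdash r : A \qquad \Gamma; \Delta_4 \vdash q : A \qquad A \text{ is } \square\text{-free}}{\Gamma; \Delta_1, \Delta_2, \Delta_3, \Delta_4 \vdash \mathsf{case}_A\ t\ \mathsf{zero}\ s\ \mathsf{even}\ r\ \mathsf{odd}\ q : A}\ (\text{T-Case})$$

$$\frac{\Gamma_1; \Delta_1 \vdash t : N \qquad \Gamma_1, \Gamma_2; \Delta_2 \vdash s : A \qquad \Gamma_1; \Delta_1 <: \square \qquad \Gamma_1, \Gamma_2; \vdash r : \square N \to \blacksquare A \to A \qquad A \text{ is } \square\text{-free}}{\Gamma_1, \Gamma_2; \Delta_1, \Delta_2 \vdash \mathsf{recursion}_A\ t\ s\ r : A}\ (\text{T-Rec})$$

$$\frac{\Gamma; \Delta_1 \vdash t : aA \to B \qquad \Gamma; \Delta_2 \vdash s : A \qquad \Gamma, \Delta_2 <: a}{\Gamma; \Delta_1, \Delta_2 \vdash (ts) : B}\ (\text{T-Arr-E})$$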



Figure 4: Type rules 



As we will see in Chapter 14.11 we are able to type addition and multiplication. Addition gives 
in output a number (recall that we are in unary notation) such that the resulting length is the 
sum of the input lengths. 

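$$\mathit{add} = \lambda x : \square N.\lambda y : \blacksquare N.\ \mathsf{recursion}_N\ x\ y\ (\lambda x : \square N.\lambda y : \blacksquare N.S_1 y) : \square N \to \blacksquare N \to N$$

We are also able to define multiplication. The operator is, as usual, defined by applying a sequence
of additions.

$$\mathit{mult} = \lambda x : \square N.\lambda y : \square N.\ \mathsf{recursion}_N\ (P x)\ y\ (\lambda x : \square N.\lambda z : \blacksquare N.\mathit{add}\, y\, z) : \square N \to \square N \to N$$

Now that we have multiplication, why not insert it in a recursion and get an exponential? As it
will be clear from the next example, the restriction on the aspect of the iterated function saves us
from having an exponential growth. Are we able to type the following term?

$$\lambda h : \square N.\mathsf{recursion}_N\ h\ (11)\ (\lambda x : \square N.\lambda y : \blacksquare N.\mathit{mult}(y, y))$$

The answer is negative: the operator mult requires input of aspect $\square$, while the iterator function
needs to have type $\square N \to \blacksquare N \to N$.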

2.1 Subject Reduction 

The first property we are going to prove about RSLR is preservation of types under reduction, the 
so-called Subject Reduction Theorem. The proof of it is going to be very standard and, as usual, 
amounts to proving substitution lemmas. Preliminary to that is a technical lemma saying that 
weakening is derivable (since the type system is affine): 

Lemma 2.1 (Weakening Lemma). If $\Gamma \vdash t : A$, then $\Gamma, x : bB \vdash t : A$ whenever x does not appear
in $\Gamma$.

Proof. By induction on the structure of the typing derivation for t.

• If last rule was (T-Var-Aff) or (T-Const-Aff), we are allowed to add whatever we want
in the context. This case is trivial.

• If last rule was (T-Sub) or (T-Arr-I), the thesis is proved by using induction hypothesis on
the premise.

• Suppose that the last rule was:

$$\frac{\Gamma; \Delta_1 \vdash u : N \qquad \Gamma; \Delta_2 \vdash s : A \qquad \Gamma; \Delta_3 \vdash r : A \qquad \Gamma; \Delta_4 \vdash q : A \qquad A \text{ is } \square\text{-free}}{\Gamma; \Delta_1, \Delta_2, \Delta_3, \Delta_4 \vdash \mathsf{case}_A\ u\ \mathsf{zero}\ s\ \mathsf{even}\ r\ \mathsf{odd}\ q : A}\ (\text{T-Case})$$

If B = N we can easily do it by applying induction hypothesis on every premise and adding x
to $\Gamma$. Otherwise, we can do it by applying induction hypothesis on just one premise and the
thesis is proved.
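• Suppose that the last rule was:

$$\frac{\Gamma_1; \Delta_1 \vdash q : N \qquad \Gamma_1, \Gamma_2; \Delta_2 \vdash s : A \qquad \Gamma_1; \Delta_1 <: \square \qquad \Gamma_1, \Gamma_2; \vdash r : \square N \to \blacksquare A \to A \qquad A \text{ is } \square\text{-free}}{\Gamma_1, \Gamma_2; \Delta_1, \Delta_2 \vdash \mathsf{recursion}_A\ q\ s\ r : A}\ (\text{T-Rec})$$

Suppose that B = N, we have the following cases:

• If $b = \square$, we can do it by applying induction hypothesis on all the premises and add x in

• If $b = \blacksquare$ we apply induction hypothesis on $\Gamma_1, \Gamma_2; \Delta_2 \vdash s : A$ and on
$\Gamma_1, \Gamma_2; \vdash r : \square N \to \blacksquare A \to A$.

Otherwise we apply induction hypothesis on $\Gamma_1; \Delta_1 \vdash q : N$ or on $\Gamma_1, \Gamma_2; \Delta_2 \vdash s : A$ and we
are done.

• Suppose that the last rule was:

$$\frac{\Gamma; \Delta_1 \vdash r : aA \to B \qquad \Gamma; \Delta_2 \vdash s : A \qquad \Gamma, \Delta_2 <: a}{\Gamma; \Delta_1, \Delta_2 \vdash (rs) : B}\ (\text{T-Arr-E})$$

If B = N we have to apply induction hypothesis on all the premises. Otherwise we apply
induction hypothesis on just one premise and the thesis is proved.
This concludes the proof. □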

Two substitution lemmas are needed in RSLR. The first one applies when the variable to be 
substituted has a non-modal type: 

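Lemma 2.2 ($\blacksquare$-Substitution Lemma). Let $\Gamma; \Delta \vdash t : A$. Then

1. if $\Gamma = x : \blacksquare N, \Theta$, then $\Theta; \Delta \vdash t[x/n] : A$ for every n;

2. if $\Delta = x : \blacksquare H, \Theta$ and $\Gamma; \Xi \vdash s : H$, then $\Gamma; \Theta, \Xi \vdash t[x/s] : A$.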

Proof. By induction on a type derivation of t. 

• If the last rule is (T-Var-Aff) or (T-Arr-I) or (T-Sub) or (T-Const-Aff) the proof is 
trivial. 

• If the last rule is (T-Case). By applying induction hypothesis on the interested term we can 
easily derive the thesis. 

• If the last rule is (T-Rec), our derivation will have the following appearance: 

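$$\frac{\Gamma_2; \Delta_4 \vdash q : N \qquad \Gamma_2, \Gamma_3; \Delta_5 \vdash s : B \qquad \Gamma_2; \Delta_4 <: \square \qquad \Gamma_2, \Gamma_3; \vdash r : \square N \to \blacksquare B \to B \qquad B \text{ is } \square\text{-free}}{\Gamma_2, \Gamma_3; \Delta_4, \Delta_5 \vdash \mathsf{recursion}_B\ q\ s\ r : B}\ (\text{T-Rec})$$

By definition, $x : \blacksquare A$ cannot appear in $\Gamma_2; \Delta_4$. If it appears in $\Delta_5$ we can simply apply
induction hypothesis and prove the thesis. We will focus on the most interesting case: it
appears in $\Gamma_3$ and so A = N. In that case, by the induction hypothesis applied to (type
derivations for) s and r, we obtain that:

$$\Gamma_2, \Gamma_4; \Delta_5 \vdash s[x/n] : B$$

$$\Gamma_2, \Gamma_4; \vdash r[x/n] : \square N \to \blacksquare B \to B$$

where $\Gamma_3 = \Gamma_4, x : \blacksquare N$.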

• If the last rule is (T-Arr-E),

$$\frac{\Gamma; \Delta_4 \vdash t : aC \to B \qquad \Gamma; \Delta_5 \vdash s : C \qquad \Gamma, \Delta_5 <: a}{\Gamma, \Delta_4, \Delta_5 \vdash (ts) : B}\ (\text{T-Arr-E})$$

If x : A is in $\Gamma$ then we apply induction hypothesis on both branches, otherwise it is either in
$\Delta_4$ or in $\Delta_5$ and we apply induction hypothesis on the corresponding branch. We arrive at the
thesis by applying (T-Arr-E) at the end.
This concludes the proof. □

Notice how two distinct substitution statements are needed, depending on the type of the
substituted variable being a base or a higher-order type. Substituting a variable of a modal type
requires an additional hypothesis on the term being substituted:

Lemma 2.3 ($\square$-Substitution Lemma). Let $\Gamma; \Delta \vdash t : A$. Then

1. if $\Gamma = x : \square N, \Theta$, then $\Theta; \Delta \vdash t[x/n] : A$ for every n;

2. if $\Delta = x : \square H, \Theta$ and $\Gamma; \Xi \vdash s : H$ where $\Gamma, \Xi <: \square$, then $\Gamma; \Theta, \Xi \vdash t[x/s] : A$.

Proof. By induction on the derivation. 

• If last rule is (T-Var-Aff) or (T-Arr-I) or (T-Sub) or (T-Const-Aff) the proof is trivial. 

• If last rule is (T-Case). By applying induction hypothesis on the interested term we can easily 
derive the thesis. 

• If last rule is (T-Rec), our derivation will have the following appearance: 

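$$\frac{\Gamma_2; \Delta_4 \vdash q : N \qquad \Gamma_2, \Gamma_3; \Delta_5 \vdash s : B \qquad \Gamma_2; \Delta_4 <: \square \qquad \Gamma_2, \Gamma_3; \vdash r : \square N \to \blacksquare B \to B \qquad B \text{ is } \square\text{-free}}{\Gamma_2, \Gamma_3; \Delta_4, \Delta_5 \vdash \mathsf{recursion}_B\ q\ s\ r : B}\ (\text{T-Rec})$$

By definition $x : \square A$ can appear in $\Gamma_1; \Delta_4$. If so, by applying induction hypothesis we can
derive easily the proof. In the other cases, we can proceed as in Lemma 2.2. We will focus on
the most interesting case, where $x : \square A$ appears in $\Gamma_2$ and so A = N. In that case, by the
induction hypothesis applied to (type derivations for) s and r, we obtain that:

$$\Gamma_4, \Gamma_3; \Delta_5 \vdash s[x/n] : B$$

$$\Gamma_4, \Gamma_3; \vdash r[x/n] : \square N \to \blacksquare B \to B$$

where $\Gamma_2 = \Gamma_4, x : \square N$.

• If last rule is (T-Arr-E),

$$\frac{\Gamma; \Delta_4 \vdash t : aC \to B \qquad \Gamma; \Delta_5 \vdash s : C \qquad \Gamma, \Delta_5 <: a}{\Gamma, \Delta_4, \Delta_5 \vdash (ts) : B}\ (\text{T-Arr-E})$$

If x : A is in $\Gamma$ then we apply induction hypothesis on both branches, otherwise it is either in
$\Delta_4$ or in $\Delta_5$ and we apply induction hypothesis on the relative branch. We prove our thesis
by applying (T-Arr-E) at the end.
This concludes the proof. □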

Substitution lemmas are necessary ingredients when proving subject reduction. In particular, 
they allow to prove that types are preserved along beta reduction steps, the other reduction steps 
being very easy. We get:

Theorem 2.4 (Subject Reduction). Suppose that $\Gamma \vdash t : A$. If $t \to t_1 \ldots t_j$, then for every
$i \in \{1, \ldots, j\}$, it holds that $\Gamma \vdash t_i : A$.

Proof. By induction on the derivation for term t. We will check the last rule. 

• If last rule is (T-Var-Aff) or (T-Const-Aff). The thesis is trivial. 

• If last rule is (T-Sub). The thesis is trivial. 

• If last rule is (T-Arr-I). The term cannot reduce, since it is a value.

• If last rule is (T-Case). 



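$$\frac{\Gamma; \Delta_1 \vdash s : N \qquad \Gamma; \Delta_2 \vdash r : A \qquad \Gamma; \Delta_3 \vdash q : A \qquad \Gamma; \Delta_4 \vdash u : A \qquad A \text{ is } \square\text{-free}}{\Gamma; \Delta_1, \Delta_2, \Delta_3, \Delta_4 \vdash \mathsf{case}_A\ s\ \mathsf{zero}\ r\ \mathsf{even}\ q\ \mathsf{odd}\ u : A}\ (\text{T-Case})$$

Our final term could reduce in two ways. Either we do $\beta$-reduction on s, r, q or u, or we choose
one of the branches in the case. In all the cases, the proof is trivial.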
• If last rule is (T-Rec). 

p:ri;Aihs:N 

: ri,r2;A2 hr : A ri;Ai<:n 
V ■.ri,r2;\- q -.aN ^ MA ^ A AisD-free 



Fi, r2; Ai, A2 K recursionyi sr q : A 



(T-Rec) 



Our term could reduce in three ways. We could evaluate s (trivial), we could be in the case
where s = 0 (trivial) and the other case is where we unroll the recursion (so, where s is a value
n > 1). We are going to focus on this last option. The term rewrites to $q\,n\,(\mathsf{recursion}_A\ \lfloor \frac{n}{2} \rfloor\ r\ q)$.
We could set up the following derivation.

(T-Const-Aff) 

;/ ■ r, r„- A„ I- T- ■ /) 

(T-Rec) 



ri;Aih LfJ :N 

^= iy:ri,r2;h q-.ON ^mA^ A ^ : Ti,r2; A2 h r : A 



Ti, r2; Ai, A2 h recursionT- lj\rq:A 

-TT^ (T-Const-Aff) 

a = ^:0;ri,r2hg:DN^BA^A 0;0hn:N ^ ' 

0;ri,r2 h g?i : HA^ A ^ ' 

By gluing the two derivations with the rule (T-Arr-E) we obtain:

CT : Yx,Y2\^ qn -.WA^ A 

l\rG: A 

(T-Arr-E) 



TT : Fi, r2; Ai, A2 h recursion!- J 1'- A 
ri,r2,r3; Ai, A2 l~ gn(recursion^ [|J r q) : A 

Notice that in the derivation $\nu$ we put $\Gamma_1, \Gamma_2$ on the left side of ";" and also on the right side.
Recall Definition 2.6 about ";". We stress that all the variables on the left side
have base type, as $\Gamma_1, \Gamma_2$ have. The two contexts could also be "shifted" to the right side
because no constraints have been set on the variables on the right side.

• If last rule was (T-Sub) we have the following derivation: 

If s reduces to r we can apply induction hypothesis on the premises and having the following 
derivation: 

• If last rule was (T-Arr-E), we could have different cases. 

• Cases where on the left part of our application we have $S_i$, P are trivial.
Let's focus on the case where on the left part we find a $\lambda$-abstraction. We will consider
only the case where we apply the substitution. The other cases are trivial. We could have two
possibilities:

• First of all, we can be in the following situation: 

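$$\frac{\Gamma; \Delta_1 \vdash \lambda x : \blacksquare A.r : aC \to B \qquad \Gamma; \Delta_2 \vdash s : C \qquad \Gamma, \Delta_2 <: a}{\Gamma, \Delta_1, \Delta_2 \vdash (\lambda x : \blacksquare A.r)s : B}\ (\text{T-Arr-E})$$

where $C <: A$ and $a <: \blacksquare$. We have that $(\lambda x : \blacksquare A.r)s$ rewrites to $r[x/s]$. By looking
at rules in Figure [1] we can deduce that $\Gamma; \Delta_1 \vdash \lambda x : \blacksquare A.r : aC \to B$ derives from
$\Gamma; x : \blacksquare A, \Delta_1 \vdash r : D$ (with $D <: B$). For the reason that $C <: A$ we can apply
(T-Sub) rule to $\Gamma; \Delta_2 \vdash s : C$ and obtain $\Gamma; \Delta_2 \vdash s : A$. By applying Lemma 2.2 we get
to

$$\Gamma, \Delta_1, \Delta_2 \vdash r[x/s] : D$$

from which the thesis follows by applying (T-Sub).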

• But we can even be in the following situation: 

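$$\frac{\Gamma; \Delta_1 \vdash \lambda x : \square A.r : \square C \to B \qquad \Gamma; \Delta_2 \vdash s : C \qquad \Gamma, \Delta_2 <: \square}{\Gamma, \Delta_1, \Delta_2 \vdash (\lambda x : \square A.r)s : B}\ (\text{T-Arr-E})$$

where $C <: A$. We have that $(\lambda x : \square A.r)s$ rewrites to $r[x/s]$. We behave as in the
previous point, by applying Lemma 2.3, and we are done.
Another interesting case of application is where we perform a so-called "swap". $(\lambda x : aA.q)sr$
rewrites to $(\lambda x : aA.qr)s$. From a typing derivation with conclusion
$\Gamma, \Delta_1, \Delta_2, \Delta_3 \vdash (\lambda x : aA.q)sr : C$ we can easily extract derivations for the following:

$$\Gamma; \Delta_1, x : aA \vdash q : bD \to E$$

$$\Gamma; \Delta_3 \vdash r : B$$

$$\Gamma; \Delta_2 \vdash s : F$$

where $B <: D$, $E <: C$ and $A <: F$ and $\Gamma, \Delta_3 <: b$ and $\Gamma, \Delta_2 <: a$.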

r,A3 <:6 
F;A3 Fr : S 
T\Ai,x:aAV-q:bD^E 



F; Ai, A3,x -.aA^qr-.E 



(T-Arr-E) 
(T-Arr-I) 



F;Ai, A3, h Ax : a^.qr : ^ S g^g^j F,A2<:a 



F; Ai, A3,h Ax : aAgr : aF ^ C ' ' F; A2 h s : 

F, Ai, A2, A3 h (Ax : aA.qr)s : C 



(T-Arr-E) 



• All the other cases can be brought back to cases that we have considered. 
This concludes the proof. □ 

Example 2.2. In the following example we consider an example similar to one by Hofmann [S]. 
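Let f be a variable of type $\blacksquare N \to N$. The function $h = \lambda g : \blacksquare(\blacksquare N \to N).\lambda x : \blacksquare N.(f(gx))$ gets
type $\blacksquare(\blacksquare N \to N) \to \blacksquare N \to N$. Thus the function $(\lambda v : \blacksquare(\blacksquare N \to N).hv)S_1$ takes type $\blacksquare N \to N$.
Let's now execute $\beta$ reductions, by passing the argument $S_1$ to the function h and we obtain the
following term: $\lambda x : \blacksquare N.(f(S_1 x))$. It's easy to check that the type has not changed.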

2.2 Confluence 

In view of the peculiar notion of reduction given in Definition 2.4, let us go back to the
counterexample to confluence given in the Introduction. The term $t = (\lambda x : \blacksquare N.(t_\oplus\, x\, x))\,\mathsf{rand}$ cannot be
reduced to $t_\oplus\, \mathsf{rand}\, \mathsf{rand}$ anymore, because only numerals can be passed to functions as arguments
of base types. The only possibility is reducing t to the sequence

$$(\lambda x : \blacksquare N.(t_\oplus\, x\, x))0,\ (\lambda x : \blacksquare N.(t_\oplus\, x\, x))1$$

Both terms in the sequence can be further reduced to 0. In other words, t {0^}. 

More generally, the phenomenon of non-convergence of final distributions can no longer happen 
in RSLR. Technically, this is due to the impossibility of duplicating terms that can evolve in a 
probabilistically nontrivial way, i.e., terms containing occurrences of rand. In the above example 
and in similar cases we have to evaluate the argument before firing the $\beta$-redex; it is therefore
not possible to obtain two different distributions. RSLR can also handle correctly the case where
rand is within an argument t of higher-order type: terms of higher-order type cannot be duplicated
and so neither can any occurrence of rand inside them.

Confluence of our system is proved by first showing a kind of confluence for the single step arrow;
then we show the confluence for the multistep arrow. This allows us to certify the confluence of 
our system. 

Lemma 2.5. Let t be a well typed term in RSLR; if $t \to v$ and $t \to z$ (v and z distinct) then
exactly one of the following holds:

• $\exists a$ s.t. $v \to a$ and $z \to a$

• $v \to z$

• $z \to v$

Proof. By induction on the structure of the typing derivation for the term t. 

• If t is a constant or a variable, the theorem is easily proved. The premise is always false, so
the theorem is always valid. Remember that $\mathsf{rand} \to 0, 1$.

• If last rule was T-Sub or T-Arr-I, by applying induction hypothesis the case is easily proved.

• If last rule was T-Case. Our derivation will have the following shape: 



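$$\frac{\Gamma; \Delta_1 \vdash s : N \qquad \Gamma; \Delta_2 \vdash r : A \qquad \Gamma; \Delta_3 \vdash q : A \qquad \Gamma; \Delta_4 \vdash u : A \qquad A \text{ is } \square\text{-free}}{\Gamma; \Delta_1, \Delta_2, \Delta_3, \Delta_4 \vdash \mathsf{case}_A\ s\ \mathsf{zero}\ r\ \mathsf{even}\ q\ \mathsf{odd}\ u : A}\ (\text{T-Case})$$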



We could have reduced one of the following s, r, q, u terms or a combination of them. In the
first case we prove by applying induction hypothesis and in the latter case we can easily find
a s.t. $v \to a$ and $z \to a$: it is the term where we apply both reductions. Last case is where from
one part we reduce the case, selecting a branch and from the other part we reduce one of the
subterms. As can be easily seen, it is trivial to prove this case; we can easily find a common
confluent term.

• If last rule was T-Rec, our derivation will have the following shape:



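$$\frac{\Gamma_2; \Delta_4 \vdash q : N \qquad \Gamma_2, \Gamma_3; \Delta_5 \vdash s : B \qquad \Gamma_2; \Delta_4 <: \square \qquad \Gamma_2, \Gamma_3; \vdash r : \square N \to \blacksquare B \to B \qquad B \text{ is } \square\text{-free}}{\Gamma_2, \Gamma_3; \Delta_4, \Delta_5 \vdash \mathsf{recursion}_B\ q\ s\ r : B}\ (\text{T-Rec})$$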



By definition, we can have reduction only on q or, if q is a value, we can reduce the recursion
by unrolling it. In both cases the proof is trivial.

• If last rule was T-Arr-E. Our term could have different shapes but the only interesting cases
are the following ones. The other cases can be easily brought back to cases that we have
considered.

• Our derivation will end in the following way:

$$\frac{\Gamma; \Delta_1 \vdash \lambda x : aA.r : bC \to B \qquad \Gamma; \Delta_2 \vdash s : C \qquad \Gamma, \Delta_2 <: b}{\Gamma, \Delta_1, \Delta_2 \vdash (\lambda x : aA.r)s : B}$$

where $C <: A$ and $b <: a$. We have that $(\lambda x : aA.r)s$ rewrites to $r[x/s]$; if A = N then s
is a value, otherwise we are able to make the substitution whenever we want. If we reduce
only on s or only on r we can easily prove our thesis by applying induction hypothesis.
The interesting cases are when we perform the substitution on one hand and on the other
hand we make a reduction step on one of the two possible terms s or r.
Suppose $(\lambda x : aA.r)s \to r[x/s]$ and $(\lambda x : aA.r)s \to (\lambda x : aA.r)s'$, where $s \to s'$. Let a be
$r[x/s']$. We have that $(\lambda x : aA.r)s' \to a$ and $r[x/s] \to a$. Indeed if A is N, s is a value (we
are making substitutions) but no reduction could be made on s, otherwise there is at least
one occurrence of s in $r[x/s]$ and by executing one reduction step we are able to have a.
Suppose $(\lambda x : aA.r)s \to r[x/s]$ and $(\lambda x : aA.r)s \to (\lambda x : aA.r')s$, where $r \to r'$. As we
have shown in the previous case, we are able to find a confluent term for both terms.
• The other interesting case is when we perform the so called "swap". $(\lambda x : aA.q)sr$ rewrites
to $(\lambda x : aA.qr)s$. If the reduction steps are made only on q or s or r by applying induction
hypothesis we have the thesis. In all the other cases, where we perform one step on subterms
and we perform, on the other hand, the swap, it's easy to find a confluent term a.

□ 

Lemma 2.6. Let $t$ be a well typed term in RSLR; if $t \to v_1, v_2$ and $t \to z$ then one of the following
statements holds:

• $\exists a_1, a_2$ s.t. $v_1 \to a_1$ and $v_2 \to a_2$ and $z \to a_1, a_2$

• $\forall i.\, v_i \to z$

• $z \to a_1, a_2$

Proof. By induction on the structure of typing derivation for the term t. 

• t cannot be a constant or a variable. Indeed if t is rand, rand reduces in 0, 1 and this differs 
from our hypothesis. 

• If last rule was T-SUB or T-Arr-I, the thesis is easily proved by applying induction hypothesis. 

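• If last rule was T-Case, our derivation will have the following shape:

$$\frac{\begin{array}{c}\Gamma;\Delta_1 \vdash s : \mathbf{N} \qquad \Gamma;\Delta_3 \vdash q : A\\ \Gamma;\Delta_2 \vdash r : A \qquad \Gamma;\Delta_4 \vdash u : A \qquad A \text{ is } \Box\text{-free}\end{array}}{\Gamma;\Delta_1,\Delta_2,\Delta_3,\Delta_4 \vdash \mathtt{case}_A\; s\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u : A}\ (\text{T-Case})$$

If we perform the two reductions on the single subterms we could be in the following case (all
the other cases are similar), for example, if $t$ rewrites in $\mathtt{case}_A\; s'\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u$ and
$\mathtt{case}_A\; s''\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u$ and also $t \to \mathtt{case}_A\; s\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u'$.
It is easy to check that if the two confluent terms are $a_1 = \mathtt{case}_A\; s'\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u'$ and
$a_2 = \mathtt{case}_A\; s''\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u'$ the thesis is valid.

Another possible case is where on one hand we perform a reduction by selecting a branch and
on the other case we make a reduction on one branch. As example, $t \to q$ and $r \to r_1, r_2$. This
case is trivial.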

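• If last rule was T-Rec, our derivation will have the following shape:

$$\frac{\begin{array}{c}\Gamma_2;\Delta_4 \vdash q : \mathbf{N}\\ \Gamma_2,\Gamma_3;\Delta_5 \vdash s : B \qquad \Gamma_2;\Delta_4 <: \Box\\ \Gamma_2,\Gamma_3; \vdash r : \Box\mathbf{N} \to \blacksquare B \to B \qquad B \text{ is } \Box\text{-free}\end{array}}{\Gamma_2,\Gamma_3;\Delta_4,\Delta_5 \vdash \mathtt{recursion}_B\; q\; s\; r : B}\ (\text{T-Rec})$$

By definition, we can have reduction only on $q$. By applying induction hypothesis the thesis is
proved.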

• If last rule was T-Arr-E. Our term could have different shapes but the only interesting cases
are the following ones. The other cases can be easily brought back to cases that we have
considered.

• Our derivation will end in the following way:

$$\frac{\Gamma;\Delta_1 \vdash \lambda x : aA.r : bC \to B \qquad \Gamma;\Delta_2 \vdash s : C \qquad \Gamma,\Delta_2 <: b}{\Gamma,\Delta_1,\Delta_2 \vdash (\lambda x : aA.r)s : B}$$

where $C <: A$ and $b <: a$. We have that $(\lambda x : aA.r)s$ rewrites in $r[x/s]$; if $A = \mathbf{N}$ then $s$
is a value, otherwise we are able to make the substitution whenever we want. If we reduce
only on $s$ or only on $r$ we can easily prove our thesis by applying induction hypothesis.
The interesting cases are when we perform the substitution on one hand and on the other
hand we make a reduction step on one of the two possible terms $s$ or $r$.
Suppose $(\lambda x : aA.r)s \to r[x/s]$ and $(\lambda x : aA.r)s \to (\lambda x : aA.r)s', (\lambda x : aA.r)s''$, where
$s \to s', s''$. Let $a_1$ be $r[x/s']$ and $a_2$ be $r[x/s'']$.

We have that $(\lambda x : aA.r)s' \to a_1$, $(\lambda x : aA.r)s'' \to a_2$ and $r[x/s] \to a_1, a_2$. Indeed if
$A$ is $\mathbf{N}$ then $s$ is a value (because we are making substitutions) and we cannot have the
reductions on $s$, otherwise there is at least one occurrence of $s$ in $r[x/s]$ and by performing
one reduction step on the subterm $s$ we are able to have $a_1, a_2$.

Suppose $(\lambda x : aA.r)s \to r[x/s]$ and $(\lambda x : aA.r)s \to (\lambda x : aA.r')s, (\lambda x : aA.r'')s$, where
$r \to r', r''$. As we have shown in the previous case, we are able to find a confluent term for
both terms.

• The other interesting case is when we perform the so called "swap". $(\lambda x : aA.q)sr$ rewrites
in $(\lambda x : aA.qr)s$. If the reduction steps are made only on $q$ or $s$ or $r$ by applying induction
hypothesis we have the thesis. In all the other cases, where we perform one step on subterms
and we perform, on the other hand, the swap, it's easy to find a confluent term $a$.

□ 

Lemma 2.7. Let $t$ be a well typed term in RSLR; if $t \to v_1, v_2$ and $t \to z_1, z_2$ ($v_1, v_2$ and $z_1, z_2$
different) then $\exists a_1, a_2, a_3, a_4$ s.t. $v_1 \to a_1, a_2$ and $v_2 \to a_3, a_4$ and $\exists i.\, z_i \to a_1, a_3$ and $z_{1-i} \to a_2, a_4$.

Proof. By induction on the structure of typing derivation for term $t$.

• If $t$ is a variable or a constant the thesis is trivial.

• If last rule was (T-Sub) or (T-Arr-I) the thesis is trivial, by applying induction hypothesis. 

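• If last rule was (T-Case) our derivation will have the following shape:

$$\frac{\begin{array}{c}\Gamma;\Delta_1 \vdash s : \mathbf{N} \qquad \Gamma;\Delta_3 \vdash q : A\\ \Gamma;\Delta_2 \vdash r : A \qquad \Gamma;\Delta_4 \vdash u : A \qquad A \text{ is } \Box\text{-free}\end{array}}{\Gamma;\Delta_1,\Delta_2,\Delta_3,\Delta_4 \vdash \mathtt{case}_A\; s\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u : A}\ (\text{T-Case})$$

Also this case is easy to prove. Indeed if the reduction steps are made only on single subterms:
$s$ or $r$ or $q$ or $u$ we can prove by using induction hypothesis. Otherwise we are in the case
where one reduction step is made on some subterm and the other is made considering a different
subterm. Suppose $s \to s', s''$ and $q \to q', q''$. We could have two possible reductions. One is
$t \to \mathtt{case}_A\; s'\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u,\ \mathtt{case}_A\; s''\ \mathtt{zero}\ r\ \mathtt{even}\ q\ \mathtt{odd}\ u$ and the other is
$t \to \mathtt{case}_A\; s\ \mathtt{zero}\ r\ \mathtt{even}\ q'\ \mathtt{odd}\ u,\ \mathtt{case}_A\; s\ \mathtt{zero}\ r\ \mathtt{even}\ q''\ \mathtt{odd}\ u$.

It is easy to find the common confluent terms: they are the ones in which we have performed both
$s \to s', s''$ and $q \to q', q''$.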

• If last rule was (T-Rec) our derivation will have the following shape:

$$\frac{\begin{array}{c}\Gamma_2;\Delta_4 \vdash q : \mathbf{N}\\ \Gamma_2,\Gamma_3;\Delta_5 \vdash s : B \qquad \Gamma_2;\Delta_4 <: \Box\\ \Gamma_2,\Gamma_3; \vdash r : \Box\mathbf{N} \to \blacksquare B \to B \qquad B \text{ is } \Box\text{-free}\end{array}}{\Gamma_2,\Gamma_3;\Delta_4,\Delta_5 \vdash \mathtt{recursion}_B\; q\; s\; r : B}\ (\text{T-Rec})$$

By definition, we can have reduction only on $q$. By applying induction hypothesis the thesis is
proved.

• If last rule was (T-Arr-E). Our term could have different shapes but all of them are trivial or
can be easily brought back to cases that we have considered. Also the case where we consider
the so called "swap" and the usual application with a lambda abstraction are not interesting
in this lemma. Indeed, we cannot consider the "swap" or the substitution case because the
reduction relation gives only one term on the right side of the arrow $\to$.

□ 
It is not trivial to prove confluence for . For this purpose we will prove our statement on a
different definition of multistep arrow. This new definition is laxer than the standard one. Being
able to prove our theorems for this new definition allows us to conclude that theorems hold also
for



Definition 2.8. In order to prove the following statements we define a new multistep reduction
arrow $\Rightarrow$ as in Figure 5. As usual, is the distribution that associate to the term t probability
1. With this relation, distribution are functions : A — > [0, 1]. It is easy to check that if t ^
then t =^ ^ (but not vice-versa).

Figure 5: New Multistep Reduction: Inference Rules

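Definition 2.9 (Size of distribution derivation). We define the size of a derivation $t \Rightarrow \mathscr{D}$,
written $|t \Rightarrow \mathscr{D}|$, in an inductive way. If the last rule was the axiom, $|t \Rightarrow \mathscr{D}_t| = 0$; otherwise,
$|t \Rightarrow \sum_{i=1}^{n} \frac{1}{n}\mathscr{D}_i| = \max_i |t_i \Rightarrow \mathscr{D}_i| + 1$.

Lemma 2.8. If $t \Rightarrow \mathscr{D}$, be $\mathscr{D} = \{M_1^{\alpha_1}, \ldots, M_n^{\alpha_n}\}$, and if for all $i$ $M_i \Rightarrow \mathscr{E}_i$, then $t \Rightarrow \sum_i \alpha_i\mathscr{E}_i$ and
$|t \Rightarrow \sum_i \alpha_i\mathscr{E}_i| \le |t \Rightarrow \mathscr{D}| + \max_i |M_i \Rightarrow \mathscr{E}_i|$.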

Proof. By induction on the structure of the derivation for t ^ 2. 

• If last rule was the axiom, then t Suppose t ^ S" . The thesis is easily proved. 

• The derivation finishes with the following rule: 

t ^ ^1 , ■ • ■ , tyi t{ =^ 

Let's analyse all the possible cases, depending on the value n. 

• If n = 1. 

t^ti ti^ SI 

t =^ 21 

By using induction hypothesis on the premise, we prove our thesis. 

• If n EE 2. 

t^ti,t2 ti^^i t2=>22 

i(^l + ^2) 

Be $\mathscr{D} = \{M_1^{\alpha_1}, \ldots, M_n^{\alpha_n}\}$ and for all $i$ $M_i \Rightarrow \mathscr{E}_i$. By construction, we have some elements
that belong to $\mathscr{D}_1$, others to $\mathscr{D}_2$ and some elements that belong to both of them. Without
losing generality, let's say that elements $M_1, \ldots, M_m$ belong to $\mathscr{D}_1$ and elements
$M_o, \ldots, M_n$, where $1 < o < m < n$.

So, we have that 2i = {Af^^S . . . , Af^"^"\ A/^°, . . . , M^,"} and we have that ^2 is 
{M^^ MZ- , M^";i , . . . , A^ } 

By applying induction hypothesis on the two premises we have that ti ^ and t2 
where ^1 = J^Z'i^ 2a,^, + ^^<^^ and ^2 = EL™ + Eto+i '^^^'^^ 

So, we can derive that t => ^{■'3^1 + ^^2) that is our thesis.

Concerning the bound on the derivation, the induction hypothesis applied to the premises 
gives us |ti ^ < \ti ^ 2i\ + maxo,...,™ \M, ^ S,\ and \t2 ^2! < 1^2 ^ ^2! + 
maxo^..._„ \Mi ^ (?,;|. We have:
|t =^ ^ a^S'^l = max{^i, ^2} + 1 

i 

< max{|ti ^ + max \M^ ^ Si\, \ti ^ &2\ + max |Mj + 1 

, . . . , m o , . . . , n 

< max{|ii ^ '3i\,\t2 ^ 2>2\} + I + max{max \Mi max \M, => S',\} 

o,...,n 0,...,m 

<\t^ f^l +max|M, 

i 

and the lemma is proved. 

□ 

Theorem 2.9 (Multistep Confluence). Let t be a closed, typable, term. Then ift-^Si and t S 
then & = S. 

Proof. We are going to prove the following strengthening of the thesis: Be i a closed term, lit ^ & 
andt ^ ^, be ^ = {Mf \ ■ • • ,MP"} and S = {iVf , • ■ • , A^f } then exist ^1, . . . , ^1, . . . , 
such that Ml ^ ifi, • • • , M„ ^ ^„ and A^i ^ ^Nk^ Jk, maxi(|M, ^ ^,|) < |i ^ (?|, 

max,(|7V, ^ XI) < |t f^l and X Jf,) = Ejfe X X)- 

We are going to prove on induction on the sum of the length of the two derivation of i ^ ^ 
and t=>S. 

• If both derivations end with the axiom rule, we are in the following case: 



t^%^ t^ %2 

we can associate to r the distribution and the thesis is proved. 

• If i is rand, it's easy to check the validity of the thesis (independently from the structure of 
the two derivations). 

• If only one of the derivation consists of the axiom rule, we are in the following case: 

t ^ ^1 : • ■ • 1 tji t{ ^2 



t ■ 



If ^ = i^i = ,MP"} and = {t^}, then it's easy to find the "confluent" 

distribution. For each Mi we associate the relative ^^a/. and to t we associate The thesis is 
proved. 

• Otherwise we are in the case where the sum of the two length is more than 2 and so, where 
the last rule, for both derivations, is not the axiom one. 

t->tl,...,i„ tl ^ t^Si,...,Sm Si^S'i 



• If ii, . . . , t„ is equal to si, . . . , Sm (modulo sort) then by using induction hypothesis we are 
done. Let's consider the most interesting case, where the terms on the right side of — s- are 
different. 

• If n = m = 1. By lemma 1^751 we could have three possible configurations: 

• <i si. We have that ti ^ and t\ ^ S\. So the thesis is derived by induction. 

• si — > ii. Same as before. 

• 3r s.t. ii ^ r and si ^ r. Be ^ = {A/f ,MP"} and S = {iVf ,iVf }. 
By using axiom rule, we can associate a distribution to r; let's call it 3^, such that 
r ^ ^. So, ^ ^1 and ti ^ ^ . By induction exist .ifi, . . . , Jf„, ^ such that Mi ^ 

. . . ,M„ ^ ^„ and r ^ max,(|M, ^ .ifi|) <\t^ and \r ^ .J(r\<\t^ <2l\ 
and Y. ^yV^ ^ = ■ 

Similar we have that exist , . . . , , J'^ such that A^i ^\ , • • • , Nk => ^k and 
r ^ , maxi(|iV, Ji\) < \t ^ ^\ and |r Jf] < |t ^ | and x c/^) = 






Merging the two disambiguation, we obtain that \r =^ + \r ^ M'\ < |< => + |t 
i\. Be ^ = {Pl\ . . . , and = {Q{\. . . , Qp"} 

We can apply induction hypothesis and obtain that exist ^i, . . . , cSo,^i, . . . such 
that Pi ^ • • ■ , P„ ^ and Qi ^ ■■■ ,Qk^ ^k, maxi(|Pi ^^\) < \r ^ 

and maxjdQj => ^^1) < |r JT] and Y^tilt =S,) = x -^j)- 

Notice that the cardinality of & and may differ but for sure they have the same
terms with non zero probability. Similarly, S and have the same terms with non zero
probability.

By using lemma 12.81 and using transitive property of equality we obtain that t =^ 
Y^iPi^i = Hi li^i = Hj ^j^] and t^Y^i li^i = Yj ^j^j- Moreover we have: 

max(|Mj ^ ^,\) <\r ^ ,yf\<\t^ S\ 

i 

max(|iV,; => <\r ^ .je\<\t^ S>\ 



The thesis is proved. 
• If n = 2 and m = 1. By lemma [^T^ we could have three possible configurations: 

• Vi.ii ^ si. If so, ti ^ S and t2 ^ S (recaU m = 1, so si ^ (?). Be ^ = 
{M"^ , . • . , M"" } and S" = {N^^ , • ■ • , -^f }• By construction, we have some elements 
that belong to other to &2 and some element that belong to both of them. With- 
out loosing generality, let's say that elements Mi, . . . , Mm belongs to fFi and elements 
-Mo, . . . , M„, where 1 < o < m < n. 

So, we have that &i = {Mi"\ . . . , M„^"°f \ M^"", . . . , M^'"} and we have that &2 is 
{M„"°,...,M^'",M^"+"i,...,M2""}. 

By using induction we have that exist , . . . , ^„ , , . . . , such that Afi , ■ • • , ^ 

^„ and A^i ^1, • • • , A^fc ^fc, (|Mj =^ ^,|) < |t ^ maxjdA'j- =^ 

/■jl) < 1^1 ^i|, maxo<,<„(|M, =^ < |t =^ SI maxj(|iVj- =^ ^^1) < \t2 ^ &2I 

Merging all, we have that exist ^1, . . . , ^1, . . . , such that Mi =J> ^1, . . . , M„ =J> 
=Sf„ and ATi ^ ^1, . . . ,iVfc ^ ^fc, max,(|M, =^ ^,|) < |t ^ |, maxj(|iVj- ^ < 
l*^^l,E,(P. x^,)^E,fex^,). 

• s ^ ti,t2- We have that s 5 (-2^1 + ^2) and s ^ S . By applying induction hypothesis 
we prove out thesis. Notice that |s ^ ^| = 2>\. 

• 3ai,a2 s.t. ti — > ai and t2 — 02 and si 01,02. Be = {A/"\ . . . , Af""} and 
S = {iVf ^ , . . . , iVf"}. By construction, we have some elements that belong to S>i , other 
to ^^2 and some element that belong to both of them. Without loosing generality, 
let's say that elements Mi, ... , Mm belongs to and elements Mq, . . . , M„, where 
1 < o < m < n. 

So, we have that ^1 = {M^^^^, . . . , M^"°-\ M„"°, . . . , M^-} and we have that ^2 is 
{Mo"<'_,...,M;^'",M^°-,...,M2""}. 

By using the axiom rule, we associate to every a distribution s.t. a,; Be 
^1 = {P7^ , . . . , PJ° } and be ^2 = {QiS . . . , 0^° } • 

So, we have, for all i, U and U s => (? and s ^ i(^i + ^2). 

By applying induction hypothesis on all the three cases we have that exist ^1, . . . , 

j/i,...,^fe,^, jr,^,if'suchthatMi =^.ifi,--- ,M„ =>if„,iVi ^i,--- ,Nk 
^k, and ai J^^ and 02 => and ai =J» ^ and 02 => ^ such that: 
• maxi<2<7^ (|Mi^.i^,|)<|ti^^i|, 
\ai => J^\< \ti ^i|, 
E"7' 2a,^, + EL™ = 

(|M, < |t2 ^ ^2|, 
\a2 ^J^\< \t2 SI2I

max{|ai =^ \a2 ^ .^|} < |.s =^ S'\ 

Notice that |ai ^ ^| + |ai =^ < \t ^ Si\ + \t ^ S\. Moreover, notice also that the 
following inequality holds: |a2 ^| + |a2 => < |t ^ ^| + |t ^ (?|. We are allowed 
to apply, again, induction hypothesis and have a confluent distribution for both cases. 
Lemma 12.81 then allows us to connect the first two main derivations and by transitive 
property of equality we have the thesis. 

• If n = 1 and m = 2. This case is similar to the previous one. 

• li n = m = 2. By lemma [^771 we have: 301,02,03,04 s.t. ti 01,02 and ^2 ^ 03,04 and 
3i.Si — >■ 01,03 and .si_i 02,04. 

At each Oi we associate, by using the axiom rule, the relative distribution s.t. o 
Without loosing generality, let's say that elements Mi, . . . , Aim belongs to ^1 and ele- 
ments Mo, . . . , Mn to f^2, where 1 < o < m < n; Ni, . . . , Mp belongs to S'l and elements 
Nq, . . . , Nk to (02, where 1 < q < p < k. 

So, we have that S^i = {M^"\ . . . , M^^f', M^" , . . . , MZ"'} and we have that ^2 is 
{M„"° , . . . , M;^^" , M^%"1 , . . . , Af 2o„ } g^^^ = {ivf \ . . . , iV^'f r \N^%---, } and #2 = 
{<',..., <',7V^'^l,...,7Vfn- 

This case it's very similar to two previous ones. We have that ti and ti ■^{^1 + 

^2), t2 =^ ^2 and t2 + ^4), si ^ A and si + ^3), S2 ^ <S2 and S2 ^ 

\(^2 + ^4)- We can apply the induction hypothesis to the four cases and have that exist 
.J^i, . . . , ^1, . . . , ^fc, ^1, ^2, J^i, =^2, =^3, ^4 such that Afi =^ J^i, • ■ • , M„ ^ 

A^i ^ J'l, - ■ ■ ,Nk ^ J'k: ai ^ and o^ ^ such that: 

• maxi<i<™(|Mi ^ .ifil) < |ii ^ i(^i + .^2)1 
max{|oi ^i|, |o2 ^ J^2W < \ti ^ 

YZ'i 2a»^^ + EL,„ ^^^^ = 1(^1 + ^2) 

• maxo<i<„(|M,; ^ ^,|) < |t2 =^ 5(^3 + ■53^4)1, 
max{|o3 J^sl, |o4 ^^4]} < |t2 =^ ^2!, 

EL™ + Er=o+i 2a.if. = i(jr3 + jr4) 

. maxi<,<p(|7V, ^,|) < |s ^ i(^i + ^3)!, 
maxjloi ^ JTil, I03 =4> < |si ^ A| 

ELi' 2/3.^, + EL, ^ + ^2) 

. max,<,<fc(|7V, ^ /,|) < |s ^ i(^2 + ^4)1, 
max{|o2 ^ ^1, 104 ^ ^1} < |S2 ^ ^2! 

EL, P^A + Elp+i 2A^. ^ i(^2 + ^4) 
Now, notice that for all i, joi ^| + |oi ^ < |< ^ ^| + |t ^ As we have done 
in the previous cases, we are now able to apply the induction hypothesis on the four cases. 
Then we use the lemma and find confluent distributions. Sum everything and we are 
able to prove our thesis. 
It is easy to check that original thesis is a corollary of the strengthening thesis. This concludes 
the proof. □ 

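Example 2.3. Consider again the term

$$t = (\lambda x : \blacksquare\mathbf{N}.(t_\oplus\, x\, x))\,\mathtt{rand}$$

where $t_\oplus$ is a term computing $\oplus$ on natural numbers seen as booleans (0 stands for "false" and
everything else stands for "true"):

$$\begin{aligned} t_\oplus &= \lambda x : \blacksquare\mathbf{N}.\mathtt{case}_{\blacksquare\mathbf{N}\to\mathbf{N}}\ x\ \mathtt{zero}\ s_\oplus\ \mathtt{even}\ r_\oplus\ \mathtt{odd}\ r_\oplus;\\ s_\oplus &= \lambda y : \blacksquare\mathbf{N}.\mathtt{case}_{\mathbf{N}}\ y\ \mathtt{zero}\ 0\ \mathtt{even}\ 1\ \mathtt{odd}\ 1;\\ r_\oplus &= \lambda y : \blacksquare\mathbf{N}.\mathtt{case}_{\mathbf{N}}\ y\ \mathtt{zero}\ 1\ \mathtt{even}\ 0\ \mathtt{odd}\ 0.\end{aligned}$$

In order to simplify reading, let us define:

• $f = (t_\oplus\, x\, x)$

• $g_0 = (\mathtt{case}_{\blacksquare\mathbf{N}\to\mathbf{N}}\ 0\ \mathtt{zero}\ s_\oplus\ \mathtt{even}\ r_\oplus\ \mathtt{odd}\ r_\oplus)$

• $g_1 = (\mathtt{case}_{\blacksquare\mathbf{N}\to\mathbf{N}}\ 1\ \mathtt{zero}\ s_\oplus\ \mathtt{even}\ r_\oplus\ \mathtt{odd}\ r_\oplus)$

• $h_0 = \mathtt{case}_{\mathbf{N}}\ 0\ \mathtt{zero}\ 0\ \mathtt{even}\ 1\ \mathtt{odd}\ 1$

• $h_1 = \mathtt{case}_{\mathbf{N}}\ 1\ \mathtt{zero}\ 1\ \mathtt{even}\ 0\ \mathtt{odd}\ 0$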

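We can produce the following derivation tree:

$$\begin{array}{l}
\pi_0:\\
\quad h_0 \to 0 \qquad 0 \Rightarrow \{0^1\}\\
\quad s_\oplus 0 \to h_0 \qquad h_0 \Rightarrow \{0^1\}\\
\quad t_\oplus 0\,0 \to g_0 0 \qquad g_0 0 \Rightarrow \{0^1\}\\
\quad (\lambda x : \blacksquare\mathbf{N}.f)0 \to t_\oplus 0\,0 \qquad (\lambda x : \blacksquare\mathbf{N}.\mathtt{case}_{\blacksquare\mathbf{N}\to\mathbf{N}}\ x\ \mathtt{zero}\ s_\oplus\ \mathtt{even}\ r_\oplus\ \mathtt{odd}\ r_\oplus)0\,0 \Rightarrow \{0^1\}\\
\quad (\lambda x : \blacksquare\mathbf{N}.f)0 \Rightarrow \{0^1\}\\[1ex]
\pi_1:\\
\quad h_1 \Rightarrow \{0^1\}\\
\quad r_\oplus 1 \to h_1 \qquad h_1 \Rightarrow \{0^1\}\\
\quad g_1 1 \to r_\oplus 1 \qquad r_\oplus 1 \Rightarrow \{0^1\}\\
\quad t_\oplus 1\,1 \to g_1 1 \qquad g_1 1 \Rightarrow \{0^1\}\\
\quad (\lambda x : \blacksquare\mathbf{N}.f)1 \to t_\oplus 1\,1 \qquad (\lambda x : \blacksquare\mathbf{N}.\mathtt{case}_{\blacksquare\mathbf{N}\to\mathbf{N}}\ x\ \mathtt{zero}\ s_\oplus\ \mathtt{even}\ r_\oplus\ \mathtt{odd}\ r_\oplus)1\,1 \Rightarrow \{0^1\}\\
\quad (\lambda x : \blacksquare\mathbf{N}.f)1 \Rightarrow \{0^1\}\\[1ex]
(\lambda x : \blacksquare\mathbf{N}.f)\,\mathtt{rand} \to (\lambda x : \blacksquare\mathbf{N}.f)0,\ (\lambda x : \blacksquare\mathbf{N}.f)1 \qquad \pi_0 : (\lambda x : \blacksquare\mathbf{N}.f)0 \Rightarrow \{0^1\} \qquad \pi_1 : (\lambda x : \blacksquare\mathbf{N}.f)1 \Rightarrow \{0^1\}\\
(\lambda x : \blacksquare\mathbf{N}.(t_\oplus\, x\, x))\,\mathtt{rand} \Rightarrow \{0^1\}
\end{array}$$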
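The evaluation in Example 2.3, as an added example that is not code from the paper: a small interpreter that computes the distribution of a term by averaging the distributions of its one-step reducts, and the size of that derivation in the sense of Definition 2.9. The tuple encoding of terms, the `xor` node standing in for the XOR term, the function names and the `base_arg_must_be_value` switch are assumptions of this sketch; switching it off models a hypothetical rule (not part of RSLR) that substitutes an unevaluated argument of type N, which copies `rand` and changes the resulting distribution.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed mini-language (an assumption of this example, not full RSLR):
#   int                              numeral
#   ("rand",)                        probabilistic primitive, reduces to 0 or 1
#   ("var", x)                       variable
#   ("xor", a, b)                    stands in for the XOR term applied to a and b
#                                    (0 = false, anything else = true)
#   ("app", ("lam", x, body), arg)   (lambda x : N . body) arg

RAND = ("rand",)


def is_value(t):
    return isinstance(t, int)


def subst(t, x, s):
    """t[x/s]; s is assumed closed, so no variable capture can occur."""
    if is_value(t) or t[0] == "rand":
        return t
    if t[0] == "var":
        return s if t[1] == x else t
    if t[0] == "xor":
        return ("xor", subst(t[1], x, s), subst(t[2], x, s))
    if t[0] == "app":
        (_, y, body), arg = t[1], t[2]
        inner = body if y == x else subst(body, x, s)
        return ("app", ("lam", y, inner), subst(arg, x, s))
    raise ValueError(f"unknown term {t!r}")


def step(t, base_arg_must_be_value=True):
    """One-step reduction t -> t_1,...,t_n: one reduct, or two when rand fires."""
    if t[0] == "rand":
        return [0, 1]
    if t[0] == "xor":
        _, a, b = t
        if not is_value(a):
            return [("xor", a2, b) for a2 in step(a, base_arg_must_be_value)]
        if not is_value(b):
            return [("xor", a, b2) for b2 in step(b, base_arg_must_be_value)]
        return [int((a != 0) != (b != 0))]
    if t[0] == "app":
        _, lam, arg = t
        # With the switch on, an argument of base type is reduced to a numeral
        # before it is substituted ("if A = N then s is a value").
        if base_arg_must_be_value and not is_value(arg):
            return [("app", lam, a2) for a2 in step(arg, base_arg_must_be_value)]
        return [subst(lam[2], lam[1], arg)]
    raise ValueError(f"stuck term {t!r}")


def multistep(t, base_arg_must_be_value=True):
    """Return (distribution over numerals, derivation size).

    The axiom is used only on numerals (size 0); otherwise the result is the
    average of the reducts' distributions and the size is max of the
    sub-derivation sizes plus one, as in Definition 2.9.
    """
    if is_value(t):
        return {t: Fraction(1)}, 0
    reducts = step(t, base_arg_must_be_value)
    dist, size = defaultdict(Fraction), 0
    for r in reducts:
        sub, sub_size = multistep(r, base_arg_must_be_value)
        size = max(size, sub_size)
        for value, p in sub.items():
            dist[value] += p / len(reducts)
    return dict(dist), size + 1


# The term of Example 2.3: (lambda x : N . xor x x) rand
T = ("app", ("lam", "x", ("xor", ("var", "x"), ("var", "x"))), RAND)

if __name__ == "__main__":
    print("argument evaluated first:", multistep(T))
    print("argument copied unevaluated:", multistep(T, base_arg_must_be_value=False))
```

With the argument evaluated first, both branches of `rand` reach 0, matching the distribution derived in the example; with the unevaluated copy, the two occurrences of `rand` are sampled independently and the outcome is a fair coin.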

3 Probabilistic Polytime Soundness 

The most difficult (and interesting!) result about RSLR is definitely polytime soundness: every 
(instance of) a first-order term can be reduced to a numeral in a polynomial number of steps 
by a probabilistic Turing machine. Polytime soundness can be proved, following [5], by showing 
that: 

• Any explicit term of base type can be reduced to its normal form with very low time complexity; 

• Any term (not necessarily of base type) can be put in explicit form in polynomial time.

By gluing these two results together, we obtain what we need, namely an effective and efficient 
procedure to compute the normal forms of terms. Formally, two notions of evaluation for terms 
correspond to the two steps defined above: 

• On the one hand, we need a ternary relation $\Downarrow_{\mathsf{nf}}$ between closed terms of type N, probabilities
and numerals. Intuitively, $t \Downarrow_{\mathsf{nf}}^{\alpha} n$ holds when $t$ is explicit and rewrites to $n$ with probability
$\alpha$. The inference rules for $\Downarrow_{\mathsf{nf}}$ are defined in Figure 6.

• On the other hand, we need a ternary relation $\Downarrow_{\mathsf{rf}}$ between terms of non modal type, probabilities
and terms. We can derive $t \Downarrow_{\mathsf{rf}}^{\alpha} s$ only if $t$ can be transformed into $s$ with probability $\alpha$
consistently with the reduction relation. The inference rules for $\Downarrow_{\mathsf{rf}}$ are in Figure 7.

Moreover, a third ternary relation $\Downarrow$ between closed terms of type N, probabilities and numerals
can be defined by the rule below:

H^°'P n 

A peculiarity of the just introduced relations with respect to similar ones is the following: whenever
a statement in the form $t \Downarrow_{\mathsf{nf}}^{\alpha} s$ is an immediate premise of another statement $r \Downarrow_{\mathsf{nf}}^{\beta} q$, then $t$ needs
n ij^lf n rand JJ-^/^ rand J|^f 1
Soi 2 • n Sii 2 • n + 1 Pt [f J 



(casGyi t zero 


s even 


r odd q)u JJ-"/* n 


t 2n 




m n > 1 


(case^i t zero 


s even 


r odd J|"f'' m 


i 2n 


+ 1 


Jiff m 



(case^ t zero s even ?' odd q)u J|"f m 



s^fn {t[x/n])rr„,m {t[x/s])r n 

(Ax : aN.i)sr Jl"/' to (Ax : aH.t)sr J|ff 7i 



Figure 6: The relation JJ-nf: Inference Rules 



tJl^^w t^f^v tJI^Jf 



rf ^ Sot J|^f Sow Sit J|^f Siw Pt Jl^f ?v 
t ^> r a 

s Jiff z g JJ-ff b Vwj e u, Ui J|^f' Ci 



(case^ t zero s even r odd q)u j),^'^''"' rii (case^ zero z even a odd 6)c 

w C n Vg. £ r[f J ^7f° rp . . . rL^J r|„|_i 
(recursionyi tsrjg Jl^f ro(. . . (r(|„|_i)z) . . .)& 

s JJ-^^ z s J|^^ z 

z J|^f 7i (t[x/7i])r J|ff u -2 J|pf " tr J|ff u 



(Ax : □N.t)sr JI^J'^'' u (Ax : ■N.t)sr Jl^'^ (Ax : ■N.w)n 

{t[x/s])r ^ff u t^^,u t, 



(Ax : aH.t)sr J|^ u Ax : a^.t J|^ Ax : aA.u xt Jl^.^ 



Figure 7: The relation J|rf: Inference Rules 
to be structurally smaller than $r$, provided all numerals are assumed to have the same internal
structure. A similar but weaker statement holds for $\Downarrow_{\mathsf{rf}}$. This relies on the peculiarities of RSLR,
and in particular on the fact that variables of higher-order types can appear free at most once in
terms, and that terms of base types cannot be passed to functions without having been completely
evaluated. In other words, the just described operational semantics is structural in a very strong
sense, and this allows to prove properties about it by induction on the structure of terms, as we
will experience in a moment.

Before starting to study the combinatorial properties of $\Downarrow_{\mathsf{rf}}$ and $\Downarrow_{\mathsf{nf}}$, it is necessary to show
that, at least, $\Downarrow$ is adequate as a way to evaluate lambda terms:

Theorem 3.1 (Adequacy). For every term $t$ such that $\vdash t : \mathbf{N}$, the following two conditions are
equivalent:

1. There are $j$ distinct derivations with conclusions $t \Downarrow^{\alpha_1} n_1, \ldots, t \Downarrow^{\alpha_j} n_j$ (respectively) such
that $\sum_{i=1}^{j} \alpha_i = 1$;

2. t 2> , where for every m, 2!{ra) ~ J2ni=m 'hi- 
Proof. Implication 1 $\Rightarrow$ 2 can be proved by an induction on the sum of the sizes of the $j$
derivations. About the converse, just observe that some derivations like the ones required in
Condition 1 need to exist. This can be formally proved by induction on $|t|_w$, where $|\cdot|_w$ is defined
as follows: $|x|_w = 1$, $|ts|_w = |t|_w + |s|_w$, $|\lambda x : aA.t|_w = |t|_w + 1$, $|\mathtt{case}_A\; t\ \mathtt{zero}\ s\ \mathtt{even}\ r\ \mathtt{odd}\ q|_w =
|t|_w + |s|_w + |r|_w + |q|_w + 1$, $|\mathtt{recursion}_A\; t\, s\, r|_w = |t|_w + |s|_w + |r|_w + 1$, $|n|_w = 1$, $|\mathtt{S}_0|_w = |\mathtt{S}_1|_w =
|\mathtt{P}|_w = |\mathtt{rand}|_w = 1$. Thanks to multistep confluence, we can conclude. □

It's now time to analyse how big derivations for $\Downarrow_{\mathsf{nf}}$ and $\Downarrow_{\mathsf{rf}}$ can be with respect to the size of
the underlying term. Let us start with $\Downarrow_{\mathsf{nf}}$ and prove that, since it can only be applied to explicit
terms, the sizes of derivations must be very small:

Proposition 3.2. Suppose that $\vdash t : \mathbf{N}$, where $t$ is explicit. Then for every $\pi : t \Downarrow_{\mathsf{nf}}^{\alpha} m$ it holds
that

1. $|\pi| \le 2 \cdot |t|$;

2. If $s \in \pi$, then $|s| \le 2 \cdot |t|^2$;

Proof. Given any term $t$, $|t|_w$ and $|t|_n$ are defined, respectively, as the size of $t$ where every numeral
counts for 1 and the maximum size of the numerals that occur in $t$. For a formal definition of
$|\cdot|_w$, see the proof of Theorem 3.1. On the other hand, $|\cdot|_n$ is defined as follows: $|x|_n = 0$,
$|ts|_n = \max\{|t|_n, |s|_n\}$, $|\lambda x : aA.t|_n = |t|_n$, $|\mathtt{case}_A\; t\ \mathtt{zero}\ s\ \mathtt{even}\ r\ \mathtt{odd}\ q|_n = \max\{|t|_n, |s|_n, |r|_n, |q|_n\}$,
$|\mathtt{recursion}_A\; t\, s\, r|_n = \max\{|t|_n, |s|_n, |r|_n\}$, $|n|_n = [\log_2(n)]$, and $|\mathtt{S}_0|_n = |\mathtt{S}_1|_n = |\mathtt{P}|_n = |\mathtt{rand}|_n = 0$.
Clearly, $|t| \le |t|_w \cdot |t|_n$. We prove the following strengthening of the statements above by induction
on $|t|_w$:

1. $|\pi| \le |t|_w$;

2. If $s \in \pi$, then $|s|_w \le |t|_w$ and $|s|_n \le |t|_n + |t|_w$;

Some interesting cases:

• Suppose t is rand. We could have two derivations: 

rand JJ,^/^ rand i^.^^ 1 

The thesis is easily proved. 

• Suppose t is SiS. Depending on S,; we could have two different derivations: 

SosJ|"f2-n SisJ|^f2-n + l 
Suppose we are in the case where = Sq. Then, for every r G tt, 

|7r| = IpI + I < |s|w + l = \t\„; 
\r\w < |s|w < \t\w 

kin < |s|n + |s|w + l= |s|n + |i|w 
= |i|n + |t|w 
The case where = Si is proved in the same way.
Suppose t is Ps. 

P : g p : 5 n n > 1 
Ps i^-, Ps i^^, LtJ 

We focus on case where n > I, the other case is similar. For every r G tt we have 

\M = |p| + l < |s|w + l = |i|w 

\r\w < |s|w < \t\w 

kin < |s|n + |s|w + l= |s|n + |i|w 

= |i|n + |t|w 

Suppose t is n. 



n i^lf n 

By knowing \tt\ ~ 1, ~ 1 and |n|n = |?^|, the proof is trivial. 

Suppose that t is (Ay : dN.s)rq. All derivations tt for t are in the following form: 

p:r-U.^fO M : (g[y/o])g 4ff ^ 
t 4"/ m 

Then, for every u € tt, 

kl < IpI + |/i| + 1 < |r|w + |s[2//o]5|w + 1 

= |?iw + \sq\vj + 1 < |t|w; 
|u|n < max{|r|p + |r|w, \s[y/o]q\„ + \s[y/o]q\„} 
= max{|r|n + |r|w, \s[y/o]q\„ + \sq\„} 
= max{|r|n + |r|„, max{|sg|n, |o|} + \sq\„} 
= max{|r|n + |r|„, |sg|n + \sq\„, \o\ + \sq\„} 

< max{|r|p + |r|w, \sq\n + \sq\„, |r|n + \r\„ + \sq\„} 

< max{|r|p, \sq\n} + \r\„ + \sq\„ 

< max{|r|p, |sg|n} + |t|w 

= \t\n + \tW, 

|w|w < max{|r|„, \s[y/o]q\^, 

= max{|r|„, \sq\„, \t\„} < \t\„. 

If M G TT, then either u G p or it G /i or simply u = t. This, together with the induction 
hypothesis, implies \u\„ < max{|r|v„, |s[?//o]g|w, |i|w}- Notice that \sq\„ ~ \s[y/6\q\n holds 
because any occurrence of ?/ in s counts for 1, but also o itself counts for 1 (see the definition 
of I • |w above). More generally, duplication of numerals for a variable in t does not make \t\^ 
bigger. 

Suppose t is (Ay : aH.s)rq. Without loosing generality we can say that it derives from the 
following derivation: 

P ■ 4nf n 

(Ay : aH.s)rq J|ff n 

For the reason that y has type H we can be sure that it appears at most once in s. So, 
|s[2//^]| ^ \sr\ and, moreover, |s[y/r]g|v„ < |sr5|„ and |s[y/r]5|n < |srg|n. We have, for all 
u G p: 

kl = |p| + l < \s[ylr]qU + l< |t|w 
|w|w < \s[y/r]q\^ < \srq\^ < \t\„ 

\u\n < \s[y/r]q\„ + \s[y/r]q\^ < |s7'g|n + \srq\„ < \t\^ + \t\„ 
and this means that the same inequalities hold for every $u \in \pi$.

• Suppose t is caseyi s zero r even q odd u. We could have three possible derivations: 

p : s J|nf fJ. : rv il-^f n 

(case^ s zero r even q odd u)v n 

p : s JJ.J^f 2n fi : qv ii-^f m n>l 

(case^i s zero r even q odd u)w JJ-"/ 

p : s -IJ-J^f 2n + 1 jj. : uv i^^^^ m 

(caseyi s zero r even (jf odd u)w ^'^^ m 

we will focus on the case where the value of s is odd. All the other cases are similar. For all 
z g TT we have: 

kl < + + 1 

< |s|w + |uw|w + 1 < |i|w 

|z|w < |s|w + |f |w + k|w + \uv\vj < \t\w 

|z|n max{|s|n + |s|w, \uv\„ + \uv\„, |r|n, \q\„} 

< max{|s|p, \uv\„, |r|n, \q\n} + |s|w + |ww|w 

< |t|w + |t|n 

This concludes the proof. □ 

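As opposed to $\Downarrow_{\mathsf{nf}}$, $\Downarrow_{\mathsf{rf}}$ unrolls instances of primitive recursion, and thus cannot have the very
simple combinatorial behaviour of $\Downarrow_{\mathsf{nf}}$. Fortunately, however, everything stays under control:

Proposition 3.3. Suppose that $x_1 : \Box\mathbf{N}, \ldots, x_i : \Box\mathbf{N} \vdash t : A$, where $A$ is $\Box$-free type. Then there
are polynomials $p_t$ and $q_t$ such that for every $n_1, \ldots, n_i$ and for every $\pi : t[\overline{x}/\overline{n}] \Downarrow_{\mathsf{rf}}^{\alpha} s$ it holds
that:

1. $|\pi| \le p_t(\sum_i |n_i|)$;

2. If $s \in \pi$, then $|s| \le q_t(\sum_i |n_i|)$.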

Proof. The following strengthening of the result can be proved by induction on the structure of
a type derivation $\rho$ for $t$: if $x_1 : \Box\mathbf{N}, \ldots, x_i : \Box\mathbf{N}, y_1 : \blacksquare A_1, \ldots, y_j : \blacksquare A_j \vdash t : A$, where $A$ is
positively $\Box$-free and $A_1, \ldots, A_j$ are negatively $\Box$-free. Then there are polynomials $p_t$ and $q_t$ such
that for every $n_1, \ldots, n_i$ and for every $\pi : t[\overline{x}/\overline{n}] \Downarrow_{\mathsf{rf}}^{\alpha} s$ it holds that

1. $|\pi| \le p_t(\sum_i |n_i|)$;

2. If $s \in \pi$, then $|s| \le q_t(\sum_i |n_i|)$.

In defining positively and negatively $\Box$-free types, let us proceed by induction on types:

• $\mathbf{N}$ is both positively and negatively $\Box$-free;

• $\Box A \to B$ is not positively $\Box$-free, and is negatively $\Box$-free whenever $A$ is positively $\Box$-free and
$B$ is negatively $\Box$-free;

• $C = \blacksquare A \to B$ is positively $\Box$-free if $A$ is negatively and $B$ is positively $\Box$-free. $C$ is negatively
$\Box$-free if $A$ is positively $\Box$-free and $B$ is negatively $\Box$-free.

Please observe that if $A$ is positively $\Box$-free and $B <: A$, then $B$ is positively $\Box$-free. Conversely,
if $A$ is negatively $\Box$-free and $A <: B$, then $B$ is negatively $\Box$-free. This can be easily proved by
induction on the structure of $A$. We are ready to start the proof, now. Let us consider some cases,
depending on the shape of $\rho$.

• If the only typing rule in p is (T-Const-Aff), then t = c, Ptix) = 1 and qtix) = 1. The thesis 
is proved. 

• If the last rule was (T-Var-Aff) then t = x, Pt{x) = 1 and qt{x) = x. The thesis is proved 
• If the last rule was (T-Arr-I) then $t = \lambda x : \blacksquare A.s$. Notice that the aspect is $\blacksquare$ because the
type of our term has to be positively $\Box$-free. So, we have the following derivation:



p : s[x/n] Jiff V 



Xx : aA.s[x/n\ Ax : aA. 



If the type of t is positively D-free, then also the type of s is positively D-free. We can apply 
induction hypothesis. Define pt and qt as: 



Ptix) = psix) + 1 
qt{x) = qs(x) + 1 

Indeed, we have: 

i 

If last rule was (T-Sub) then we have a typing derivation that ends in the following way: 

Tht: A A<: B 
r h t : B 

we can apply induction hypothesis on t : yl because if B is positively D-free, then also A will 
be too. Define pt:B{x) = pt-.Aix) and qt-.Bix) = qt:A{x). 

If the last rule was (T-Case). Suppose t = (case^ s zero r even q odd u). The constraints on 
the typing rule (T-Case) ensure us that the induction hypothesis can be applied to s,r,q^u. 
The definition of JJ-rf tells us that any derivation of t[a;/n] must have the following shape: 

p : s[x/n] JJ-^f z 1/ : q[x/n] JJ-^f b 
p : r[x/n] JJ-f^ a a : u[x/n] JJ-ff c 
t[a;/n] i}.'^^'^^ (case^ z zero a even b odd c) 

Let us now define pt and qt as follows: 

Pt{x) = Ps{x) + Pr{x) + Pq{x) + Pu{x) + 1 

qt{x) = qs{x) + qr{x) + qg{x) + qu{x) + 1 



We have: 



< IpI + + + |ct| + 1 

< PsC^ +PrC^ +PqC^ Wi\)+PuC^ \n^\) 



Pt 



Similarly, if z G tt, it is easy to prove that \z\ < qz(^i \n-i\)- 

If the last rule was (T-Rec). Suppose t = (recursiony^ srq). By looking at the typing 
rule (figure U) for (T-Rec) we are sure to be able to apply induction hypothesis on s,r,q. 
Definition of $\Downarrow_{\mathsf{rf}}$ ensures also that any derivation for $t[\overline{x}/\overline{n}]$ must have the following shape:

p : s[x/n] JJ-^f 2; ^ : z[x/n] ij-^f n 
V : r[3;/n] JJ-^f a 
go ■■ qz[x,z/n, [fyj] qo 

Q\n\-i ■■ qz[x,z/ri, L^^^^Jl J^rf"'"' 9|n|-i 
(recursioHA srq)[x/n] ^^^'^'^'^j 7j) ^^^^ ^ ^ {q^\„\-i)a) . . .) 

Notice that we are able to apply ij.^f on term z because, by definition, s has only free variables 
of type DN (see figure S]). So, we are sure that z is a closed term of type N and we are able 
to apply the i}-^f algorithm. 
Let define pt and as follows: 

Pt{x) = ps{x) + 2 ■ qs{x) +pr{x) + qs{x) ■ pq{x) + 1 
qt{x) = qs{x) + qr{x) + 2 ■ qs{xY + qq{x + 2 ■ qsixY) 

Notice that \z\ is, bounded by qsix) Notice that by applying theorem 13.21 on p {z has no free 
variables) we have that every v G pis s.t.v < Pz{\ni\, . . . , \ni\). We will refer to Pz{x) to intend 
Pz{x, ...,x). 
We have: 

i 

- P'^C^ + 2 • l^l +PrC^ \ni\) + \n\ -Pqi^ \n,]) + 1 

i i i 



Similarly, for every z G tt: 

\z\ < g,(^|n,|) + 2 -9,(^171,1)2 + 9,(^171,1) + g,,(^|n,| + |n|) 

i ill 

i i i i i 

• In the following cases the last rule is (T-Arr-E). 

• t = xs. In this case, obviously, the free variable x has type UAi (1 < i < j). By definition x 
is negatively D-free. This it means that every term in s has a type that is positively D-free. 
By knowing that the type of x is negatively D-free, we conclude that the type of our term t is 
□-free (because is both negatively and positively D-free at the same time). 

Definition of JJ^f ensures us that the derivation will have the following shape: 

p, : Sj [x/n] -(1°/ rj 
xs\x/n] -IJ.|f^* xr 

We define pt and qt as: 

Pt{x) = ^ps^{x) + 1 
Indeed we have

k\<Y.\Pj\ + i 

j i 

Similarly, if z G tt, it is easy to prove that \z\ < QzC^i 

li t = Sqs, then s have type N in the context T. The derivation tt has the following form 

p : s[x/n] i)-ff z 
Sos[x/n] Soz 

Define "Ptix) = Ps(a;) + 1 and qt{x) = (?s(a;) + 1- One can easily check that, by induction 
hypothesis 

i 

i 

Analogously, if r G tt then 

i i 

li t = Sis ov t = Ps, then we can proceed exactly as in the previous case. 

Cases where we have on the left side a case or a recursion with some arguments, is trivial: can 

be brought back to cases that we have considered. 

If t is [Xx : □N.s)r5, then we have the following derivation: 

p : r^/n] a 

pL : a\x/n\ n v : {s[x / n])q^ /n] -IJ-f^ v 

{\x : nN.s)rq[x/n] ^^^''^ v 

By hypothesis $t$ is positively □-free and so also $r$ (whose type is $\mathbf{N}$) and $sq$ are positively □-free. 
So, we are sure that we are able to use induction hypothesis. 
Let $p_t$ and $q_t$ be: 

$$p_t(x) \equiv p_r(x) + 2 \cdot q_r(x) + p_{sq}(x + 2 \cdot q_r(x)) + 1$$

$$q_t(x) = q_{sq}(x + 2 \cdot q_r(x)^2) + q_r(x) + 2 \cdot q_r(x)^2 + 1$$

We have: 

kl = IH + lA*l + kl + l 

< Pr(E I"' I) + 2 • |a| +Ps9(E I'^'l + + 1 

i i 

< PriY, k'l) + 2 • ^rlE +P^9(E kd + 2 • gr(E l^'D) + ^ 

i 2 i 2 

By applying induction hypothesis we have that every v £ p is s.t. \v\ < (?r(X]i every v € v 
is s.t. 

kl < g.^(^|n,| + |n|) 

i 

< (7,^(^|n,|+2- lap 

< g,^(^|n,|+2-(?,(^|n,|)2) 

i i 
By construction, remember that s has no free variables of type UN. 

For theorem 13.21 (z has no free variables) we have v € fj, is s.t. < Qai^i I'^iD- 

We can prove the second point of our thesis by setting qt(J2i Qsq(X]i + + 

9r(EJ"d)+ga(E>d) + l- 

• If $t$ is $(\lambda x : \blacksquare\mathbf{N}.s)rq$, then we have the following derivation: 

p : r[x/n] a 

/i : a[x/n] J|^f n v : sq\xlri\ JJ-^ u 

(Ax : ■N.s)rg[x/n] Jl^'' (Ax : BN.m)?! 

By hypothesis $t$ is positively □-free. So, also $r$ and $a$ (whose type is $\mathbf{N}$) and $sq$ 
are positively □-free. We define $p_t$ and $q_t$ as: 

$$p_t(x) \equiv p_r(x) + 2 \cdot q_r(x) + p_{sq}(x) + 1;$$

$$q_t(x) = q_r(x) + 2 \cdot q_r(x)^2 + q_{sq}(x) + 1.$$

We have: 

IttI ^ IpI + + + 1 

■i i i 

Similarly, if $z \in \pi$, it is easy to prove that $|z| \le q_z(\sum_i |n_i|)$. 

• If $t$ is $(\lambda x : aH.s)rq$, then we have the following derivation: 

P ■ {s[x/r])q[x/n] ij.'^ v 
(Ax : aH.s)rq\x/n] JJ.^ v 

By hypothesis $t$ is positively □-free. So, also $sq$ is positively □-free. $r$ has a 
higher-order type $H$ and so we are sure that $|(s[x/r])q| < |(\lambda x : aH.s)rq|$. Define $p_t$ and $q_t$ as: 

$$p_t(x) = p_{(s[x/r])q}(x) + 1;$$

$$q_t(x) = q_{(s[x/r])q}(x) + 1.$$

By applying induction hypothesis we have: 

$$|\pi| = |\rho| + 1 \le p_{(s[x/r])q}\Big(\sum_i |n_i|\Big) + 1$$

By using induction we are able also to prove the second point of our thesis. 
This concludes the proof. □ 

Following the definition of $\Downarrow$, it is quite easy to obtain, given a first order term $t$ of arity $k$, 
a probabilistic Turing machine that, when receiving on input (an encoding of) $n_1 \ldots n_k$, produces 
on output $m$ with probability equal to $\mathcal{D}(m)$, where $\mathcal{D}$ is the (unique!) distribution such that 
$t \rightsquigarrow \mathcal{D}$. Indeed, $\Downarrow_{\mathsf{rf}}$ and $\Downarrow_{\mathsf{nf}}$ are designed in a very algorithmic way. Moreover, the obtained Turing 
machine works in polynomial time, due to Propositions 3.2 and 3.3. Formally: 

Theorem 3.4 (Soundness). Suppose $t$ is a first order term of arity $k$. Then there is a probabilistic 
Turing machine $M_t$ running in polynomial time such that $M_t$ on input $n_1 \ldots n_k$ returns $m$ with 
probability exactly $\mathcal{D}(m)$, where $\mathcal{D}$ is a probability distribution such that $t\,n_1 \ldots n_k \rightsquigarrow \mathcal{D}$. 

Proof. By Propositions 3.2 and 3.3. □ 
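Example 3.1. Let us now see an example of how the two machines $\Downarrow_{\mathsf{rf}}$ and $\Downarrow_{\mathsf{nf}}$ work. Suppose we have the following term $t$: 

$$(\lambda z : \blacksquare\mathbf{N}.\lambda h : \Box\mathbf{N}.\mathsf{recursion}_{\mathbf{N}}\ z\ h\ (\lambda x : \Box\mathbf{N}.(\lambda y : \blacksquare\mathbf{N}.\mathsf{case}_{\blacksquare\mathbf{N} \to \mathbf{N}}\ \mathsf{rand}\ \mathsf{zero}\ S_1\ \mathsf{even}\ S_1\ \mathsf{odd}\ S_0)y))(10)(1110)$$

To simplify reading, let us define: 

• $g \equiv (\mathsf{case}_{\blacksquare\mathbf{N} \to \mathbf{N}}\ \mathsf{rand}\ \mathsf{zero}\ S_1\ \mathsf{even}\ S_1\ \mathsf{odd}\ S_0)$. 

• $f \equiv \lambda x : \Box\mathbf{N}.\lambda y : \blacksquare\mathbf{N}.(\mathsf{case}_{\blacksquare\mathbf{N} \to \mathbf{N}}\ \mathsf{rand}\ \mathsf{zero}\ S_1\ \mathsf{even}\ S_1\ \mathsf{odd}\ S_0)y$. 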

[Derivation tree for the term $t$ of Example 3.1; the tree itself did not survive text extraction. Its subderivations evaluate $f\,1110$, $f\,111$, $f\,11$ and $f\,1$, each to $\lambda y : \blacksquare\mathbf{N}.gy$, and its conclusion rewrites the recursion over $1110$ to $(\lambda y : \blacksquare\mathbf{N}.gy)((\lambda y : \blacksquare\mathbf{N}.gy)((\lambda y : \blacksquare\mathbf{N}.gy)((\lambda y : \blacksquare\mathbf{N}.gy)z)))$.] 
Then, by applying the machine for $\Downarrow_{\mathsf{nf}}$ we could obtain the following derivation tree. Recall that, since we have rand inside our term, there will be more than one possible 
derivation tree. 
4 Probabilistic Polytime Completeness 



In the previous section, we proved that the behaviour of any RSLR first-order term can be somehow 
simulated by a probabilistic polytime Turing machine. What about the converse? In this section, 
we prove that any probabilistic polynomial time Turing machine (PPTM in the following) can 
be encoded in RSLR. PPTMs are here seen as one-tape Turing machines which are capable at 
any step during the computation of "tossing a fair coin", and proceeding in two different ways 
depending on the outcome of the tossing. 

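To facilitate the encoding, we extend our system with pairs and projections. All the proofs in 
previous sections remain valid. Base types now comprise not only natural numbers but also pairs 
of base types: 

$$G ::= \mathbf{N} \mid G \times G.$$

Terms now contain a binary construct $\langle \cdot, \cdot \rangle$ and two unary constructs $\pi_1(\cdot)$ and $\pi_2(\cdot)$, which can 
be given a type by the rules below: 

$$\frac{\Gamma; \Delta_1 \vdash t : G \qquad \Gamma; \Delta_2 \vdash s : F}{\Gamma; \Delta_1, \Delta_2 \vdash \langle t, s \rangle : G \times F}$$

$$\frac{\Gamma \vdash t : G \times F}{\Gamma \vdash \pi_1(t) : G} \qquad \frac{\Gamma \vdash t : G \times F}{\Gamma \vdash \pi_2(t) : F}$$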

As syntactic sugar, we will use (ti . . . , ti) (where i > 1) for the term 

For every $n \ge 1$ and every $1 \le i \le n$ we can easily build a term $\pi_i^n$ which extracts the $i$-th 
component from tuples of $n$ elements: this can be done by composing $\pi_1(\cdot)$ and $\pi_2(\cdot)$. With a 
slight abuse of notation, we sometimes write $\pi_i$ for $\pi_i^n$. 

4.1 Unary Natural Numbers and Polynomials 

Natural numbers in RSLR are represented in binary. In other words, the basic operations allowed 
on them are $S_0$, $S_1$ and $P$, which correspond to appending a binary digit to the right end of the 
number (seen as a binary string) or stripping the rightmost such digit. This is even clearer if we 
consider the length \n\ of a numeral n, which is only logarithmic in n. 

Sometimes, however, it is more convenient to work in unary notation. Given a natural number 
$i$, its unary encoding is simply the numeral that, written in binary notation, is $1^i$. Given a natural 
number i we will refer to its encoding i. The type in which unary encoded natural numbers will 
be written is just $\mathbf{N}$, but for reasons of clarity we will use the symbol $\mathbf{U}$ instead. 

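Given any numeral $n$, we can extract the unary encoding of its length: 

$$\mathsf{encode} \equiv \lambda t : \Box\mathbf{N}.\mathsf{recursion}_{\mathbf{U}}\ t\ 0\ (\lambda x : \Box\mathbf{U}.\lambda y : \blacksquare\mathbf{U}.S_1 y) : \Box\mathbf{N} \to \mathbf{U}$$

Predecessor and successor functions are defined in our language, simply as $P$ and $S_1$. We need to 
show how to express polynomials and in order to do this we will define the operators $\mathsf{add} : \Box\mathbf{U} \to \blacksquare\mathbf{U} \to \mathbf{U}$ 
and $\mathsf{mult} : \Box\mathbf{U} \to \Box\mathbf{U} \to \mathbf{U}$. We define add as 

$$\mathsf{add} \equiv \lambda x : \Box\mathbf{U}.\lambda y : \blacksquare\mathbf{U}.\mathsf{recursion}_{\mathbf{U}}\ x\ y\ (\lambda x : \Box\mathbf{U}.\lambda y : \blacksquare\mathbf{U}.S_1 y) : \Box\mathbf{U} \to \blacksquare\mathbf{U} \to \mathbf{U}$$

Similarly, we define mult as 

$$\mathsf{mult} \equiv \lambda x : \Box\mathbf{U}.\lambda y : \Box\mathbf{U}.\mathsf{recursion}_{\mathbf{U}}\ (P x)\ y\ (\lambda x : \Box\mathbf{U}.\lambda z : \blacksquare\mathbf{U}.\mathsf{add}\,y\,z) : \Box\mathbf{U} \to \Box\mathbf{U} \to \mathbf{U}$$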

The following is quite easy: 
Lemma 4.1. Every polynomial of one variable with natural coefficients can be encoded as a term 
of type $\Box\mathbf{U} \to \mathbf{U}$. 

Proof. Simply, turn add into a term of type $\Box\mathbf{U} \to \Box\mathbf{U} \to \mathbf{U}$ by way of subtyping and then 
compose add and mult as much as needed to encode the polynomial at hand. □ 
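
The terms encode, add and mult of this section, together with one polynomial composed from them as in Lemma 4.1, modelled in plain Python as an added example that is not part of the paper. It ignores the □/■ type discipline and assumes the usual rule for recursion on notation (recursion 0 g f = g and recursion n g f = f n (recursion ⌊n/2⌋ g f)), which this section does not restate; the helper names unary, from_unary and poly are hypothetical.

```python
# Model of the Section 4.1 terms; the box types are ignored here.
# Assumed rule: recursion 0 g f = g; recursion n g f = f(n, recursion(n // 2, g, f)).

def S1(n):
    """Append the binary digit 1 on the right."""
    return 2 * n + 1

def P(n):
    """Strip the rightmost binary digit."""
    return n // 2

def recursion(t, g, f):
    """Apply f once per binary digit of t, innermost call first."""
    prefixes = []
    while t > 0:
        prefixes.append(t)
        t = P(t)
    acc = g
    for n in reversed(prefixes):
        acc = f(n, acc)
    return acc

def unary(i):
    """The numeral whose binary notation is 1^i."""
    return (1 << i) - 1

def from_unary(u):
    if u & (u + 1):
        raise ValueError("not a unary numeral")
    return u.bit_length()

def encode(t):
    return recursion(t, 0, lambda _x, y: S1(y))

def add(x, y):
    return recursion(x, y, lambda _x, acc: S1(acc))

def mult(x, y):
    # As written on the page: recursion over P x with base y.
    return recursion(P(x), y, lambda _x, z: add(y, z))

def poly(x):
    """2*x^2 + 3*x + 1, composed only from add and mult."""
    sq = mult(x, x)
    return add(add(mult(unary(2), sq), mult(unary(3), x)), unary(1))
```

Under the assumed rules, mult applied to the unary zero as first argument returns its second argument, because the recursion over P 0 only reaches the base case; poly never calls mult that way with a nonzero second argument.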

4.2 Finite Sets 

Any finite, linearly ordered set $F = (|F|, \sqsubseteq_F)$ can be naturally encoded as an "initial segment" of 
$\mathbf{N}$: if $|F| = \{a_0, \ldots, a_i\}$ where $a_i \sqsubseteq_F a_j$ whenever $i < j$, then $a_i$ is encoded simply by the natural 
number whose binary representation is $10^i$. For reasons of clarity, we will denote $\mathbf{N}$ as $\mathbf{F}_F$. We 
can do some case analysis on an element of $\mathbf{F}_F$ by the combinator 

$$\mathsf{switch}^F_A : \blacksquare\mathbf{F}_F \to \underbrace{\blacksquare A \to \cdots \to \blacksquare A}_{i \text{ times}} \to \blacksquare A \to A$$

where $A$ is a □-free type and $i$ is the cardinality of $|F|$. The term above can be defined by induction 
on $i$: 

• If $i = 0$, then it is simply $\lambda x : \blacksquare\mathbf{F}_F.\lambda y : \blacksquare A.y$. 

• If $i \ge 1$, then it is the following: 

Aa; : UFp-Xyo : UA Ay^ : MA.XzUA. 

(case^ X zero(A/i : MA.h) 

even {Xh : HA. switch^ (Px)yi . . . yih) 

odd {Xh : UA.yo) 

where E is the subset of F of those elements with positive indices. 

4.3 Strings 

Suppose $\Sigma = \{a_0, \ldots, a_i\}$ is a finite alphabet. Elements of $\Sigma$ can be encoded following the just 
described scheme, but how about strings in $\Sigma^*$? We can somehow proceed similarly: the string 
. . . fljj. can be encoded as the natural number 

Whenever we want to emphasize that a natural number is used as a string, we write $\mathbf{S}_\Sigma$ instead 
of $\mathbf{N}$. It is easy to build a term $\mathsf{append}_\Sigma : \blacksquare(\mathbf{S}_\Sigma \times \mathbf{F}_\Sigma) \to \mathbf{S}_\Sigma$ which appends the second argument 
to the first argument. Similarly, one can define a term $\mathsf{tail}_\Sigma : \blacksquare\mathbf{S}_\Sigma \to \mathbf{S}_\Sigma \times \mathbf{F}_\Sigma$ which strips off the 
rightmost character $a$ from the argument string and returns $a$ together with the rest of the string; 
if the string is empty, $a_0$ is returned, by convention. 

We also define a function $\mathsf{NtoS}_\Sigma : \Box\mathbf{N} \to \mathbf{S}_\Sigma$ that takes a natural number and produces in 
output an encoding of the corresponding string in $\Sigma^*$ (where $i_0$ and $i_1$ are the indices of $0$ and $1$ 
in $\Sigma$): 

NtoSs = Xx : nN.recursionsj, x U 

Xx : UN.Xy : BS.caseN x zero append2(y, 10'") 
even append2(j/, 10*^) 
odd appends (y, 10*0 : DN -> S 

Similarly, one can write a term $\mathsf{StoN}_\Sigma : \Box\mathbf{S}_\Sigma \to \mathbf{N}$. 

4.4 Probabilistic Turing Machines 

Let $M$ be a probabilistic Turing machine $M = (Q, q_0, F, \Sigma, \sqcup, \delta)$, where $Q$ is the finite set of states 
of the machine; $q_0$ is the initial state; $F$ is the set of final states of $M$; $\Sigma$ is the finite alphabet 
of the tape; $\sqcup \in \Sigma$ is the symbol for empty string; $\delta \subseteq (Q \times \Sigma) \times (Q \times \Sigma \times \{\leftarrow, \downarrow, \rightarrow\})$ is the 
transition function of $M$. For each pair $(q, s) \in Q \times \Sigma$, there are exactly two triples $(r_1, t_1, d_1)$ and 
$(r_2, t_2, d_2)$ such that $((q, s), (r_1, t_1, d_1)) \in \delta$ and $((q, s), (r_2, t_2, d_2)) \in \delta$. Configurations of $M$ can 
be encoded as follows: 

$$\langle t_{left}, t, t_{right}, s \rangle : \mathbf{S}_\Sigma \times \mathbf{F}_\Sigma \times \mathbf{S}_\Sigma \times \mathbf{F}_Q,$$

where $t_{left}$ represents the left part of the main tape, $t$ is the symbol read from the head of $M$, 
$t_{right}$ the right part of the main tape; $s$ is the state of our Turing Machine. Let the type $\mathbf{C}_M$ be 
a shortcut for $\mathbf{S}_\Sigma \times \mathbf{F}_\Sigma \times \mathbf{S}_\Sigma \times \mathbf{F}_Q$. 

Suppose that $M$ on input $x$ runs in time bounded by a polynomial $p : \mathbf{N} \to \mathbf{N}$. Then we can 
proceed as follows: 

• encode the polynomial $p$ by using function encode, add, mult, dec so that at the end we will have 
a function $p : \Box\mathbf{N} \to \mathbf{U}$; 

• write a term $\delta : \blacksquare\mathbf{C}_M \to \mathbf{C}_M$ which mimics $\delta$. 

• write a term $\mathsf{init}_M : \blacksquare\mathbf{S}_\Sigma \to \mathbf{C}_M$ which returns the initial configuration for $M$ corresponding 
to the input string. 

The term of type $\Box\mathbf{N} \to \mathbf{N}$ which has exactly the same behavior as $M$ is the following: 

$$\lambda x : \Box\mathbf{N}.\mathsf{StoN}_\Sigma(\mathsf{recursion}_{\mathbf{C}_M}\ (p\ x)\ (\mathsf{init}_M\ (\mathsf{NtoS}_\Sigma(x)))\ (\lambda y : \blacksquare\mathbf{N}.\lambda z : \blacksquare\mathbf{C}_M.\delta\ z)).$$

We then get a faithful encoding of PPTM into RSLR, which will be useful in the forthcoming 
section: 

Theorem 4.2. Suppose $M$ is a probabilistic Turing machine running in polynomial time such that 
for every $n$, $\mathcal{D}_n$ is the distribution of possible results obtained by running $M$ on input $n$. Then 
there is a first order term $t$ such that for every $n$, $t\,n$ evaluates to $\mathcal{D}_n$. 

5 Relations with Complexity Classes 

The last two sections established a precise correspondence between RSLR and probabilistic 
polynomial time Turing machines. But how about probabilistic complexity classes, like BPP or PP? 
They are defined on top of probabilistic Turing machines, imposing constraints on the probability 
of error: in the case of PP, the error probability can be anywhere near 1/2, but not equal to it, 
while in BPP it can be non-negligibly smaller than 1/2. There are two ways RSLR can be put in 
correspondence with the complexity classes above, and these are explained in the following two 
sections. 

5.1 Leaving the Error Probability Explicit 

Of course, one possibility consists in leaving bounds on the error probability explicit in the very 
definition of what an RSLR term represents: 

Definition 5.1 (Recognising a Language with Error $\epsilon$). A first-order term $t$ of arity 1 recognizes 
a language $L \subseteq \mathbf{N}$ with probability less than $\epsilon$ if, and only if, both: 

• $x \in L$ and $t\,x \rightsquigarrow \mathcal{D}$ implies $\mathcal{D}(0) > 1 - \epsilon$. 

• $x \notin L$ and $t\,x \rightsquigarrow \mathcal{D}$ implies $\sum_{s>0} \mathcal{D}(s) > 1 - \epsilon$. 

So, $0$ encodes an accepting state of $t\,x$ and $s > 0$ encodes a reject state of $t\,x$. Theorem 3.4 
together with Theorem 4.2 allows us to conclude that: 

Theorem 5.1 (1/2-Completeness for PP). The set of languages which can be recognized with error 
$\epsilon$ in RSLR for some $0 < \epsilon \le 1/2$ equals PP. 

But, interestingly, we can go beyond and capture a more interesting complexity class: 

Theorem 5.2 (1/2-Completeness for BPP). The set of languages which can be recognized with 
error $\epsilon$ in RSLR for some $0 < \epsilon < 1/2$ equals BPP. 

Observe how $\epsilon$ can be even equal to 1/2 in Theorem 5.1, while it cannot in Theorem 5.2. This is 
the main difference between PP and BPP: in the first class, the error probability can very fast 
approach 1/2 when the size of the input grows, while in the second it cannot. 

The notion of recognizing a language with an error $\epsilon$ allows us to capture complexity classes in 
RSLR, but it has an obvious drawback: the error probability remains explicit and external to the 
system; in other words, RSLR does not characterize one complexity class but many, depending on 
the allowed values for $\epsilon$. Moreover, given an RSLR term $t$ and an error $\epsilon$, determining whether 
$t$ recognizes any function with error $\epsilon$ is not decidable. As a consequence, Theorems 5.1 and 5.2 
do not suggest an enumeration of all languages in either PP or BPP. This is in contrast to what 
happens with other ICC systems, e.g. SLR, in which all terms (of certain types) compute a function 
in FP (and, vice versa, all functions in FP are computed this way). As we have already mentioned 
in the Introduction, this discrepancy between FP and BPP has a name: the first is a syntactic 
class, while the second is a semantic class (see [1]). 

5.2 Getting Rid of Error Probability 

One may wonder whether a more implicit notion of representation can be somehow introduced, and 
which complexity class corresponds to RSLR this way. One possibility is taking representability 
by majority: 

Definition 5.2 (Representability-by-Majority). Let $t$ be a first-order term of arity 1. Then $t$ is 
said to represent-by-majority a language $L \subseteq \mathbf{N}$ iff: 

1. If $n \in L$ and $t\,n \rightsquigarrow \mathcal{D}$, then $\mathcal{D}(0) \ge \sum_{m>0} \mathcal{D}(m)$; 

2. If $n \notin L$ and $t\,n \rightsquigarrow \mathcal{D}$, then $\sum_{m>0} \mathcal{D}(m) > \mathcal{D}(0)$. 

There is a striking difference between Definition 5.2 and Definition 5.1: the latter is asymmetric, 
while the first is symmetric. 

Please observe that any RSLR first order term $t$ represents-by-majority a language, namely 
the language defined from $t$ by Definition 5.2. It is well known that PP can be defined by 
majority itself, stipulating that the error probability should be at most 1/2 when handling strings 
in the language and strictly smaller than 1/2 when handling strings not in the language. As a 
consequence: 

Theorem 5.3 (Completeness-by-Majority for PP). The set of languages which can be represented- 
by-majority in RSLR equals PP. 

In other words, RSLR can indeed be considered as a tool to enumerate all functions in a 
complexity class, namely PP. This comes with no surprise, since the latter is a syntactic class. 
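
The two notions of Section 5, evaluated on a concrete machine in the configuration encoding of Section 4.4, as an added Python example that is not part of the paper. The machine DELTA, the time bound p(n) = n + 1, the move names L/R/S and the convention that output 0 means "accept" and 1 means anything else are constructed for illustration; the exact distribution is computed by applying the transition relation p(|x|) times, as the recursion term of Section 4.4 does.

```python
from collections import defaultdict
from fractions import Fraction

BLANK = "_"
# Constructed machine: (state, symbol) -> two triples, one per coin outcome.
DELTA = {
    ("scan", "0"): [("scan", "0", "R"), ("scan", "0", "R")],
    ("scan", "1"): [("acc", "1", "S"), ("scan", "1", "R")],
    ("scan", BLANK): [("rej", BLANK, "S"), ("rej", BLANK, "S")],
}
for halt in ("acc", "rej"):           # final states loop on themselves
    for sym in ("0", "1", BLANK):
        DELTA[(halt, sym)] = [(halt, sym, "S")] * 2

def init(x):
    """Initial configuration (left tape, head symbol, right tape, state)."""
    return ("", x[:1] or BLANK, x[1:], "scan")

def step(cfg, triple):
    left, _, right, _ = cfg
    state, written, move = triple
    if move == "R":
        return (left + written, right[:1] or BLANK, right[1:], state)
    if move == "L":
        return (left[:-1], left[-1:] or BLANK, written + right, state)
    return (left, written, right, state)

def output_distribution(x, p=lambda n: n + 1):
    """Apply delta exactly p(|x|) times and return {output: probability}."""
    dist = {init(x): Fraction(1)}
    for _ in range(p(len(x))):
        nxt = defaultdict(Fraction)
        for cfg, pr in dist.items():
            for triple in DELTA[(cfg[3], cfg[1])]:
                nxt[step(cfg, triple)] += pr / 2
        dist = nxt
    out = defaultdict(Fraction)
    for cfg, pr in dist.items():      # assumed: 0 = accept, 1 = otherwise
        out[0 if cfg[3] == "acc" else 1] += pr
    return dict(out)

def majority_member(d):
    """Definition 5.2: n is in L iff D(0) >= sum of D(m) over m > 0."""
    return d.get(0, 0) >= sum(pr for m, pr in d.items() if m > 0)

def within_error(d, member, eps):
    """Definition 5.1, checked for one input with known membership."""
    mass = d.get(0, 0) if member else sum(pr for m, pr in d.items() if m > 0)
    return mass > 1 - eps
```

On input "1" the constructed machine accepts with probability exactly 1/2: by Definition 5.2 that input belongs to the language represented-by-majority, yet neither clause of Definition 5.1 holds on it for any ε ≤ 1/2.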